-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] OAuth login wouldn't get redirected on tablet android devices #2932
Comments
I may have stumbled upon a fix for Android. I stumbled upon it because I'm using Auth0 who do not accept custom schemes with the precise shape used by Immich in their input validation for callbacks, i.e. I discovered that by adding two forward slashes to the requested callback (it can be modified because it's not part of the signed payload) then two necessary things happen: the IdP accepts the callback (as long as In summary, if there were a toggle in Immich admin to configure the mobile client to request a callback on |
I partially worked around the Auth0 limitation on iOS in the same way. I captured the initiating auth request URL with the requested callback and modified it to match the one that's allowed by Auth0, The flow succeeds until the redirect is finally called and If I change Immich to use a mobile URI override that responds with It seems the problem is universal to mobile-initiated OAuth, and possibly limited to cases where the mobile URI override is necessary. |
That scheme has always looked weird to me. Is it normal? Should it really have two forward slashes instead? |
There's probably some historical reason why |
Honestly, I'd be fine changing it from |
Cool. I'm testing the change for Android. Can someone tell me how or help with testing in iOS? I have an old iPhone SE. |
Damn. I can't believe this is actually getting resolved (hopefully). Fingers crossed! |
Does anyone have a Flutter env set up on macOS? I'm guessing that we've built and tested manually for iOS because the mobile build workflow targets only Android. It would be good to have a few more Android testers at least, too. @Pheggas will you loan one of your Android devices to this cause by installing the test build (link may require GitHub login)? To test, uninstall the Immich app and unzip the download. If you can't find a way to do it on mobile then attach Android device with USB and enable developer option USB debugging so you can run |
Sure. I already did and it does exactly the same thing it did before. Is there something i should alter in the setup in order to have correct setup? For your information, i have configured Google OAuth for mobile using this method. And as it points to |
To confirm, you installed the experimental "release" APK from this branch that changes the requested callback to With this configuration, you still experience the following symptom after successfully authenticating with Google on an Android tablet device: there are no errors, and the experimental build of the Immich app is launched, but not logged in. Instead, the login screen or server URL form are displayed, as if the token was not successfully passed to the app. The Immich app has a "logs" link at the bottom of the UI. Will you see if there are any clues there about why the final oauth step failed? |
Sorry for late reply. I tried to add That's why i didn't follow the default option with |
This tells me Google OAuth requires only standard, not custom, URI schemes, so it's necessary to utilize Immich's URI redirector feature with Google. For example, configure Google OAuth with authorized redirect URI |
As i don't want to mess up my existing setup, i'll spin up new instance with immich and reply you with results. This would take some time (days) so please, be patient. I'll let you know. |
Wonderful. Thank you for the assist. I found that Immich's endpoint |
The bug
According to our discussion, i'm opening this issue. I have 3 Android tablet devices at home from which none is able to login with OAuth. After i enter correct URL as target server and click
Login with OAuth
(and in case of having multiple google accounts log in, selecting correct google account), Chrome embeded browser will just close (as it should) and Immich will show the initial screen with target server URL again without properly log me in.It only happens on tablet devices, not mobile-format one. I've tested it on Android 13, 11 and 7.1.1. I've also did same test on emulated android tablet device and there it worked perfectly. In fact, i've been able to log in with Android 11 tablet device once after disabling
Blokada 5
(which is Ad-blocking app for android). Then i logged off and tried the same thing with having Blokada turned on. After this weird bug appearing again, i turned off the Blokada again and tried the login process. Yet the behavior didn't change unexpectedly.The OS that Immich Server is running on
Ubuntu Server 22.04 LTS
Version of Immich Server
v1.63.0 (first time spotted on v1.62.0)
Version of Immich Mobile App
1.63.0
Platform with the issue
Your docker-compose.yml content
Your .env content
DB_HOSTNAME=redacted DB_USERNAME=redacted DB_PASSWORD=redacted DB_DATABASE_NAME=redacted REDIS_HOSTNAME=immich_redis UPLOAD_LOCATION=/mnt/Backups/immich TYPESENSE_API_KEY=redacted PUBLIC_LOGIN_PAGE_MESSAGE="It works!" IMMICH_WEB_URL=http://immich-web:3000 IMMICH_SERVER_URL=http://immich-server:3001 IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 TZ=Europe/Bratislava
Reproduction steps
Additional information
No response
The text was updated successfully, but these errors were encountered: