Add first-class support for Chrome Auth Tab in AppAuth-Android #1146

@crismaver1993

Feature Request

Motivation

AppAuth-Android currently uses Chrome Custom Tabs for browser-based authentication.
Starting with Chrome 137, Google introduced Auth Tab, a specialized Custom Tab for authentication that provides:

  • A secure callback-based return path instead of relying on Intent interception.
  • Simpler UX with minimal browser UI while preserving autofill and password management.
  • Automatic fallback to regular Custom Tabs when not supported.

Adding native Auth Tab support in AppAuth would modernize the authentication experience, enhance security, and reduce boilerplate for developers—without breaking existing integrations.

Description

Implement Auth Tab support as an optional browser handler in AuthorizationService.
When supported by the device, AppAuth should use AuthTabIntent instead of a regular CustomTabsIntent.
If unavailable, it should gracefully fall back to the existing Custom Tabs flow.

Implementation outline:

  1. Detect Auth Tab availability via AuthTabIntent.isSupported(context).

  2. Launch authorization requests using AuthTabIntent, registering a result callback (ActivityResultLauncher) to capture the redirect URI.

  3. Map the resultUri to AuthorizationResponse or AuthorizationException.

  4. Support both custom scheme redirects and https redirects (via Digital Asset Links).

  5. Add a config flag, e.g.:

    AppAuthConfiguration.Builder()
        .setPreferAuthTab(true)
        .build()

Example (simplified Kotlin sketch):

    if (AuthTabIntent.isSupported(context)) {
        val launcher = AuthTabIntent.registerActivityResultLauncher(activity) { result ->
            handleAuthResult(result.resultUri)
        }
        AuthTabIntent.Builder().build()
            .launch(launcher, authUri, redirectSchemeOrHost, optionalPath)
    } else {
        authorizationService.performAuthorizationRequest(request, pendingIntent, cancelIntent)
    }

This would allow AppAuth to automatically use Auth Tab for authentication flows, while preserving compatibility with Custom Tabs and all existing redirect handling.

Alternatives or Workarounds

  • Continue using Custom Tabs with Intent return flow (current approach), which is more fragile and verbose.
  • Implement Auth Tab manually outside AppAuth, duplicating code and fragmenting the ecosystem.
  • Use WebViews (not recommended due to OAuth security risks).
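
Step 3 of the implementation outline (mapping the resultUri to AuthorizationResponse or AuthorizationException), as an added example that is not part of the original issue and not AppAuth's own code. `AuthTabOutcome`, `aborted` and `mapAuthTabResult` are hypothetical names; the example assumes the androidx.browser release that ships `AuthTabIntent` and AppAuth-Android on the classpath.

```kotlin
import android.net.Uri
import androidx.browser.auth.AuthTabIntent
import net.openid.appauth.AuthorizationException
import net.openid.appauth.AuthorizationException.AuthorizationRequestErrors
import net.openid.appauth.AuthorizationException.GeneralErrors
import net.openid.appauth.AuthorizationRequest
import net.openid.appauth.AuthorizationResponse

// Hypothetical result type for this example (AppAuth itself returns these via Intent extras).
sealed interface AuthTabOutcome {
    data class Success(val response: AuthorizationResponse) : AuthTabOutcome
    data class Failure(val error: AuthorizationException) : AuthTabOutcome
}

// Wraps a local failure reason in an AppAuth exception without inventing a new error code.
private fun aborted(reason: String): AuthTabOutcome = AuthTabOutcome.Failure(
    AuthorizationException.fromTemplate(
        GeneralErrors.PROGRAM_CANCELED_AUTH_FLOW, IllegalStateException(reason)
    )
)

// Hypothetical helper: maps an Auth Tab result to an AppAuth response or exception.
fun mapAuthTabResult(request: AuthorizationRequest, result: AuthTabIntent.AuthResult): AuthTabOutcome {
    if (result.resultCode == AuthTabIntent.RESULT_CANCELED) {
        return AuthTabOutcome.Failure(GeneralErrors.USER_CANCELED_AUTH_FLOW)
    }
    // Failed or timed-out Digital Asset Links verification (https redirects) and
    // unknown codes carry no trustworthy redirect, so they are never parsed.
    val uri: Uri? = result.resultUri
    if (result.resultCode != AuthTabIntent.RESULT_OK || uri == null) {
        return aborted("Auth Tab result code ${result.resultCode}")
    }
    // Defense in depth: the returned URI must match the redirect URI that was requested.
    val expected = request.redirectUri
    if (uri.scheme != expected.scheme || uri.authority != expected.authority || uri.path != expected.path) {
        return aborted("Redirect URI does not match the authorization request")
    }
    // The server reported an OAuth error (e.g. access_denied) in the query string.
    if (uri.queryParameterNames.contains(AuthorizationException.PARAM_ERROR)) {
        return AuthTabOutcome.Failure(AuthorizationException.fromOAuthRedirect(uri))
    }
    val response = AuthorizationResponse.Builder(request).fromUri(uri).build()
    // CSRF protection: the returned state must equal the state that was sent.
    if (request.state != response.state) {
        return AuthTabOutcome.Failure(AuthorizationRequestErrors.STATE_MISMATCH)
    }
    return AuthTabOutcome.Success(response)
}
```

The error and state checks follow the order AppAuth already applies to Custom Tabs redirects, so callers see the same `AuthorizationException` values on either path.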
