Selective Disclosure Flow not clear

[vibern0]

Hello, I'm trying to create a basic mobile app that allows me to do authentication with uPort mobile app. I used demoapp in this repository (fixed some problems it as) and finally managed to make it work.

Now my problem is related to what to do after receiving the token. I was looking at https://developer.uport.me/flows/selectivedisclosure and it was not very clear to me. My current problem is related to https://github.com/uport-project/uport-android-sdk/blob/develop/demoapp/src/main/java/me/uport/sdk/demoapp/request_flows/uPortLoginActivity.kt#L39. Do I need a simples web-app running to catch that callback? If so, how do I send back to my app?

Also, I would like to start helping at least with documentation. How can I do so?
Thank you so much in advance.

[mirceanis]

You are right, the documentation could be improved a lot there.
You don't need a webapp to catch the token.

The callback URL you set there should be a URL that your app declares in the manifest.

The easiest way to do things is to use the Transports.sendExpectingResult() along with the manifest declaration of IntentForwardingActivity (like so:

uport-android-sdk/demoapp/src/main/AndroidManifest.xml

Line 24 in 86bc920

<!--when using deeplinks as callbacks, you need to set the intent filters on this activity and merge-->

)

This will allow you to get the callback as a simple onActivityResult() which can be parsed using a ResponseParser.parseActivityResult()
Check out

uport-android-sdk/demoapp/src/main/java/me/uport/sdk/demoapp/request_flows/uPortLoginActivity.kt

Line 66 in 86bc920

override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {

to get an idea.

Of course, the actual callback URL you use should be specific to your app. and it doesn't need to use https as scheme. It can be app specific too.

The names of these methods or their location will probably change in a future release to increase discoverability.

[vibern0]

Thank you, it worked. Although, I was expecting it to just send me back and in fact, I have to select the app. Is it supposed to be like that or did I forgot anything?
Sorry about my ignorance, I'm a blockchain developer but I have little knowledge when it comes to android development.

So now, since the demoapp didn't work for me, I'll fix it and open a PR. then, if possible I would like to help with documentation. Maybe using the riot chat could help, right?

[mirceanis]

You have to select the app because you are probably using a http(s) scheme in the callback URL.
That will prompt the user to select between the browser and your app when the callback is launched.
To get around this there are 2 options.

1. use an app specific scheme in the callback URL (for example: myscheme:mydomain.com/callbacks)
2. verify that you own the domain name by posting an assetlinks.json with the app signature by following the instructions here: https://developer.android.com/training/app-links/verify-site-associations

Remember to set the same URL in the AndroidManifest.xml as well.
It's easier to use option 1. at first but if you plan to publish the app it's worth going through the second step too.

It's probably easier to keep the conversation here if the issue is easy to describe.
What exactly did not work for you in the demoapp?

[vibern0]

Hello, sorry for that. It eventually worked, I was just missing some steps. I'm not familiar with Android and kotlin, so I guess it was only my problem. Let's close it.
Thank you so much for your time.