I am trying to use AppAuth to get an auth code from Instagram, redirect to my server, and exchange that auth code for a custom Firebase token. I'm having problems passing data to AppAuth and triggering the browser window to close.

What works so far

  1. Mobile app registers a custom scheme, myscheme:/
  2. AppAuth hits Instagram authorize endpoint, receives valid code, redirects to https://myserver.com
  3. AppAuth hits https://myserver.com, provides code, is waiting for response
  4. My server hits Instagram token endpoint, exchanges code/etc for valid token
  5. My server uses this token to mint a valid Firebase token

At this point AppAuth browser window is open and waiting for a response from my server. The server has the Firebase token. The desired next step is to provide this token to AppAuth and have AppAuth close the browser window and complete the process.

What I've tried:

  1. Return a redirect to myscheme:/instagram?token=Firebase token

This closes the AppAuth browser window but the process does not complete so AppAuth does not return any result. It continues to wait even though the browser window is closed.

  2. Set up a custom scheme listener and redirect to myscheme:/instagram?token=Firebase token

This has the same outcome as 1. but the custom scheme listener does not capture this event, and even if it did, I have no way to cancel the AppAuth process. This feels hacky at best.

To distill the question further:

What does AppAuth need to close the browser window and complete the handshake? What is it looking for?

Luke Pighetti

1 Answer

Is this a Chrome Custom Tabs problem on Android that occurs intermittently? If so it may be because there is no user gesture - an annoying requirement inflicted on us by Google. I've been writing up some stuff on this recently: https://authguidance.com/2019/09/13/android-code-sample-overview/

Apologies if yours is a different issue ..

Gary Archer
  • I don't believe so. The question is what response is AppAuth looking for from the token server. – Luke Pighetti Sep 30 '19 at 19:30
  • Hmm - feels like a better option would be to avoid mixing concerns and make your mobile UI get an Instagram token in the standard AppAuth way. On top of that your app could get Firebase tokens - via a mobile call to the back end, supplying the Instagram token. This will be technically simpler and give you better options for things like token renewal. – Gary Archer Oct 02 '19 at 19:34
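
An added example, not part of the original thread and not AppAuth's own code: a generic check, following RFC 6749 section 4.1.2, of whether an incoming redirect is a valid authorization response for a pending request. The `pending` object, its `state` value and the registered redirect URI `myscheme:/instagram` are constructed assumptions modelled on the URIs in the question.

```javascript
// Generic OAuth 2.0 authorization-response check (RFC 6749 section 4.1.2).
// Illustration only; this is not AppAuth's implementation.

// pending = { redirectUri, state }, saved when the authorization request started.
function classifyRedirect(incoming, pending) {
  let got, want;
  try {
    got = new URL(incoming);
    want = new URL(pending.redirectUri);
  } catch {
    return { status: "ignored", reason: "not a URI" };
  }
  // Only the registered redirect URI can carry the response.
  if (got.protocol !== want.protocol || got.host !== want.host ||
      got.pathname !== want.pathname) {
    return { status: "ignored", reason: "not the registered redirect URI" };
  }
  const q = got.searchParams;
  // The state value binds the response to the request that was sent.
  if (!q.has("state") || q.get("state") !== pending.state) {
    return { status: "rejected", reason: "state missing or mismatched" };
  }
  // An error response is still a completed exchange, just a failed one.
  if (q.has("error")) {
    return { status: "failed", error: q.get("error") };
  }
  if (!q.has("code")) {
    return { status: "rejected", reason: "no authorization code" };
  }
  return { status: "complete", code: q.get("code") };
}

// Constructed sample values, modelled on the URIs in the question.
const pending = { redirectUri: "myscheme:/instagram", state: "st-7f3a" };

// A redirect carrying only a minted token has no code or state.
console.log(classifyRedirect("myscheme:/instagram?token=FIREBASE_TOKEN", pending));
// A redirect carrying code and the original state completes the request.
console.log(classifyRedirect("myscheme:/instagram?code=abc123&state=st-7f3a", pending));
```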