[Android] OAuth2 flow with browser #8825

strump · 2024-08-02T13:24:13Z

strump commented

2024-08-02 13:24:13 +00:00

How new flow should work (happy path):

OsmLoginFragment - User pushes "Login with OSM website" button
OsmLoginFragment - triggers browser
Browser - OSM.org login flow
Browser - redirects to om://oauth2/osm/callback?code=XXX
MwmActivity - handles om:// URI and extracts code value
MwmActivity - calls OsmLoginActivity with code in extras
OsmLoginFragment - calls native code to get OAuth2 token using code
OsmLoginFragment - calls native code to get username using OAuth2 token
OsmLoginFragment - redirects to ProfileActivity

https://github.com/user-attachments/assets/17fd44c3-a3b5-4a5f-adf4-05da30c10c66

Question: What about UI? How we can handle two types of logging in: OAuth2 via browser, and login+password?

Update 2024-09-19

Changed OSM Login UI to have popup bottom panel:

https://github.com/user-attachments/assets/4757b358-e99a-4052-a2bd-6363ae784a87

Update 2024-09-20

Added round corners:

How new flow should work (happy path): 1. `OsmLoginFragment` - User pushes "Login with OSM website" button 2. `OsmLoginFragment` - triggers browser 3. `Browser` - OSM.org login flow 4. `Browser` - redirects to om://oauth2/osm/callback?code=XXX 5. `MwmActivity` - handles `om://` URI and extracts `code` value 6. `MwmActivity` - calls OsmLoginActivity with `code` in extras 7. `OsmLoginFragment` - calls native code to get OAuth2 token using `code` 8. `OsmLoginFragment` - calls native code to get username using OAuth2 token 9. `OsmLoginFragment` - redirects to `ProfileActivity` https://github.com/user-attachments/assets/17fd44c3-a3b5-4a5f-adf4-05da30c10c66 **Question:** What about UI? How we can handle two types of logging in: OAuth2 via browser, and login+password? ### Update 2024-09-19 Changed OSM Login UI to have popup bottom panel: https://github.com/user-attachments/assets/4757b358-e99a-4052-a2bd-6363ae784a87 ### Update 2024-09-20 Added round corners: <img src="https://github.com/user-attachments/assets/db46574e-2edc-4ab3-8c63-4f698eab63f9" width="400px"/>

👍 1

rtsisyk reviewed 2024-08-02 13:24:13 +00:00

strump reviewed 2024-08-02 15:25:08 +00:00

android/app/src/main/res/layout/fragment_osm_login.xml

strump commented

2024-08-02 13:29:54 +00:00

TODO: introduce new string "Login with OSM website" instead of hardcoded one

Jean-BaptisteC (Migrated from github.com) approved these changes 2024-08-04 16:47:58 +00:00

Jean-BaptisteC (Migrated from github.com) left a comment

✅ Pixel 6 - Android 14
FYI, when i press one button 2 buttons change her background color.

✅ Pixel 6 - Android 14 FYI, when i press one button 2 buttons change her background color.

biodranik (Migrated from github.com) reviewed 2024-08-19 10:54:00 +00:00

android/app/src/main/res/layout/fragment_osm_login.xml

biodranik (Migrated from github.com) commented

2024-08-19 10:54:00 +00:00

If website login works only for Google Play builds, then there's no need to translate anything or add a second button.

biodranik (Migrated from github.com) reviewed 2024-08-19 11:13:37 +00:00

biodranik (Migrated from github.com) left a comment

Thanks!

I got a crash on Android 15 emulator when clicking OSM login profile using this PR rebased on the latest master:

2024-08-19 13:12:12.076  3588-3588  AndroidRuntime          app.organicmaps.debug                E  FATAL EXCEPTION: main
                                                                                                    Process: app.organicmaps.debug, PID: 3588
                                                                                                    java.lang.NullPointerException: Attempt to invoke virtual method 'void android.widget.Button.setOnClickListener(android.view.View$OnClickListener)' on a null object reference
                                                                                                    	at app.organicmaps.editor.OsmLoginFragment.onViewCreated(OsmLoginFragment.java:56)
                                                                                                    	at androidx.fragment.app.Fragment.performViewCreated(Fragment.java:3152)
                                                                                                    	at androidx.fragment.app.FragmentStateManager.createView(FragmentStateManager.java:608)
                                                                                                    	at androidx.fragment.app.FragmentStateManager.moveToExpectedState(FragmentStateManager.java:286)
                                                                                                    	at androidx.fragment.app.FragmentStore.moveToExpectedState(FragmentStore.java:114)
                                                                                                    	at androidx.fragment.app.FragmentManager.moveToState(FragmentManager.java:1675)
                                                                                                    	at androidx.fragment.app.FragmentManager.dispatchStateChange(FragmentManager.java:3259)
                                                                                                    	at androidx.fragment.app.FragmentManager.dispatchActivityCreated(FragmentManager.java:3177)
                                                                                                    	at androidx.fragment.app.FragmentController.dispatchActivityCreated(FragmentController.java:263)
                                                                                                    	at androidx.fragment.app.FragmentActivity.onStart(FragmentActivity.java:350)
                                                                                                    	at androidx.appcompat.app.AppCompatActivity.onStart(AppCompatActivity.java:251)
                                                                                                    	at android.app.Instrumentation.callActivityOnStart(Instrumentation.java:1701)
                                                                                                    	at android.app.Activity.performStart(Activity.java:9045)
                                                                                                    	at android.app.ActivityThread.handleStartActivity(ActivityThread.java:4073)
                                                                                                    	at android.app.servertransaction.TransactionExecutor.performLifecycleSequence(TransactionExecutor.java:270)
                                                                                                    	at android.app.servertransaction.TransactionExecutor.cycleToPath(TransactionExecutor.java:250)
                                                                                                    	at android.app.servertransaction.TransactionExecutor.executeLifecycleItem(TransactionExecutor.java:222)
                                                                                                    	at android.app.servertransaction.TransactionExecutor.executeTransactionItems(TransactionExecutor.java:107)
                                                                                                    	at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:81)
                                                                                                    	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2636)
                                                                                                    	at android.os.Handler.dispatchMessage(Handler.java:107)
                                                                                                    	at android.os.Looper.loopOnce(Looper.java:232)
                                                                                                    	at android.os.Looper.loop(Looper.java:317)
                                                                                                    	at android.app.ActivityThread.main(ActivityThread.java:8705)
                                                                                                    	at java.lang.reflect.Method.invoke(Native Method)
                                                                                                    	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:580)
                                                                                                    	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:886)

Thanks! I got a crash on Android 15 emulator when clicking OSM login profile using this PR rebased on the latest master: ``` 2024-08-19 13:12:12.076 3588-3588 AndroidRuntime app.organicmaps.debug E FATAL EXCEPTION: main Process: app.organicmaps.debug, PID: 3588 java.lang.NullPointerException: Attempt to invoke virtual method 'void android.widget.Button.setOnClickListener(android.view.View$OnClickListener)' on a null object reference at app.organicmaps.editor.OsmLoginFragment.onViewCreated(OsmLoginFragment.java:56) at androidx.fragment.app.Fragment.performViewCreated(Fragment.java:3152) at androidx.fragment.app.FragmentStateManager.createView(FragmentStateManager.java:608) at androidx.fragment.app.FragmentStateManager.moveToExpectedState(FragmentStateManager.java:286) at androidx.fragment.app.FragmentStore.moveToExpectedState(FragmentStore.java:114) at androidx.fragment.app.FragmentManager.moveToState(FragmentManager.java:1675) at androidx.fragment.app.FragmentManager.dispatchStateChange(FragmentManager.java:3259) at androidx.fragment.app.FragmentManager.dispatchActivityCreated(FragmentManager.java:3177) at androidx.fragment.app.FragmentController.dispatchActivityCreated(FragmentController.java:263) at androidx.fragment.app.FragmentActivity.onStart(FragmentActivity.java:350) at androidx.appcompat.app.AppCompatActivity.onStart(AppCompatActivity.java:251) at android.app.Instrumentation.callActivityOnStart(Instrumentation.java:1701) at android.app.Activity.performStart(Activity.java:9045) at android.app.ActivityThread.handleStartActivity(ActivityThread.java:4073) at android.app.servertransaction.TransactionExecutor.performLifecycleSequence(TransactionExecutor.java:270) at android.app.servertransaction.TransactionExecutor.cycleToPath(TransactionExecutor.java:250) at android.app.servertransaction.TransactionExecutor.executeLifecycleItem(TransactionExecutor.java:222) at android.app.servertransaction.TransactionExecutor.executeTransactionItems(TransactionExecutor.java:107) at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:81) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2636) at android.os.Handler.dispatchMessage(Handler.java:107) at android.os.Looper.loopOnce(Looper.java:232) at android.os.Looper.loop(Looper.java:317) at android.app.ActivityThread.main(ActivityThread.java:8705) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:580) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:886) ```

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

biodranik (Migrated from github.com) commented

2024-08-19 10:56:35 +00:00

    auto const auth = OsmOAuth::ServerAuth();

```suggestion auto const auth = OsmOAuth::ServerAuth(); ```

biodranik (Migrated from github.com) commented

2024-08-19 10:57:54 +00:00

Java_app_organicmaps_editor_OsmOAuth_nativeOAuthParams(JNIEnv * env, jclass)

```suggestion Java_app_organicmaps_editor_OsmOAuth_nativeOAuthParams(JNIEnv * env, jclass) ```

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

					
				@ -55,0 +62,4 @@

				JNIEXPORT jstring JNICALL

				Java_app_organicmaps_editor_OsmOAuth_nativeAuthWithOAuth2Code(JNIEnv * env, jclass, jstring oauth2code)

				{

				  OsmOAuth auth = OsmOAuth::ServerAuth();

biodranik (Migrated from github.com) commented

2024-08-19 10:59:50 +00:00

Java_app_organicmaps_editor_OsmOAuth_nativeAuthWithOAuth2Code(JNIEnv * env, jclass, jstring oauth2code)

```suggestion Java_app_organicmaps_editor_OsmOAuth_nativeAuthWithOAuth2Code(JNIEnv * env, jclass, jstring oauth2code) ```

biodranik (Migrated from github.com) commented

2024-08-19 11:00:42 +00:00

    LOG(LWARNING, ("nativeAuthWithOAuth2Code: invalid OAuth2 code", oauth2code));

```suggestion LOG(LWARNING, ("nativeAuthWithOAuth2Code: invalid OAuth2 code", oauth2code)); ```

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

					
				@ -87,0 +91,4 @@

				        final String oauthToken = OsmOAuth.nativeAuthWithOAuth2Code(oauth2code);

				        final String username = (oauthToken == null) ? null : OsmOAuth.nativeGetOsmUsername(oauthToken);

				        UiThread.run(() -> {

				          processAuth(oauthToken, username);

biodranik (Migrated from github.com) commented

2024-08-19 11:03:18 +00:00

If om://oauth2 scheme is parsed in C++, does it make sense to make the initial URI also on the C++ side? Will it allow reusing of a similar login approach for iOS?

biodranik (Migrated from github.com) commented

2024-08-19 11:03:30 +00:00

    try
    {

```suggestion try { ```

biodranik (Migrated from github.com) commented

2024-08-19 11:03:44 +00:00

    }
    catch (ActivityNotFoundException e)
    {

```suggestion } catch (ActivityNotFoundException e) { ```

biodranik (Migrated from github.com) commented

2024-08-19 11:04:32 +00:00

Showing a toast in hard-coded English here is a good idea. And also logging this as a warning.

biodranik (Migrated from github.com) commented

2024-08-19 11:04:51 +00:00

enableInput(true); ?

`enableInput(true);` ?

biodranik (Migrated from github.com) commented

2024-08-19 11:05:39 +00:00

It would be great to reuse the same login button (GP flavor uses web login, other flavors use password)

biodranik (Migrated from github.com) commented

2024-08-19 11:05:57 +00:00

    if (oauth2code == null || oauth2code.length() == 0)

```suggestion if (oauth2code == null || oauth2code.length() == 0) ```

biodranik (Migrated from github.com) commented

2024-08-19 11:07:01 +00:00

It is called in processAuth below (but after an if)

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

biodranik (Migrated from github.com) commented

2024-08-19 11:06:18 +00:00

      ThreadPool.getWorker().execute(() -> 
      {

```suggestion ThreadPool.getWorker().execute(() -> { ```

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

biodranik (Migrated from github.com) commented

2024-08-19 11:08:54 +00:00

Passing null value for a username will later remove it from preferences.

android/app/src/main/java/app/organicmaps/intent/Factory.java

biodranik (Migrated from github.com) commented

2024-08-19 11:09:45 +00:00

Why the search should be canceled?

map/mwm_url.hpp

biodranik (Migrated from github.com) commented

2024-08-19 11:11:59 +00:00

    ASSERT_EQUAL(m_requestType, UrlType::OAuth2, ("Expected OAuth2 API"));

```suggestion ASSERT_EQUAL(m_requestType, UrlType::OAuth2, ("Expected OAuth2 API")); ```

strump reviewed 2024-08-19 14:27:06 +00:00

map/mwm_url.hpp

strump commented

2024-08-19 14:27:06 +00:00

Fixed

strump reviewed 2024-08-19 14:27:34 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

					
				@ -87,0 +91,4 @@

				        final String oauthToken = OsmOAuth.nativeAuthWithOAuth2Code(oauth2code);

				        final String username = (oauthToken == null) ? null : OsmOAuth.nativeGetOsmUsername(oauthToken);

				        UiThread.run(() -> {

				          processAuth(oauthToken, username);

strump commented

2024-08-19 14:27:34 +00:00

You are right. I modified to build OAuth2 URL using native code instead of Java.

strump reviewed 2024-08-19 14:27:41 +00:00

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

					
				@ -55,0 +62,4 @@

				JNIEXPORT jstring JNICALL

				Java_app_organicmaps_editor_OsmOAuth_nativeAuthWithOAuth2Code(JNIEnv * env, jclass, jstring oauth2code)

				{

				  OsmOAuth auth = OsmOAuth::ServerAuth();

strump commented

2024-08-19 14:27:41 +00:00

Fixed

strump reviewed 2024-08-19 14:27:44 +00:00

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

					
				@ -55,0 +62,4 @@

				JNIEXPORT jstring JNICALL

				Java_app_organicmaps_editor_OsmOAuth_nativeAuthWithOAuth2Code(JNIEnv * env, jclass, jstring oauth2code)

				{

				  OsmOAuth auth = OsmOAuth::ServerAuth();

strump commented

2024-08-19 14:27:44 +00:00

Fixed

strump reviewed 2024-08-19 14:27:48 +00:00

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

strump commented

2024-08-19 14:27:48 +00:00

Fixed

strump reviewed 2024-08-19 14:27:52 +00:00

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

strump commented

2024-08-19 14:27:52 +00:00

Fixed

strump reviewed 2024-08-19 14:28:44 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

					
				@ -87,0 +91,4 @@

				        final String oauthToken = OsmOAuth.nativeAuthWithOAuth2Code(oauth2code);

				        final String username = (oauthToken == null) ? null : OsmOAuth.nativeGetOsmUsername(oauthToken);

				        UiThread.run(() -> {

				          processAuth(oauthToken, username);

strump commented

2024-08-19 14:28:43 +00:00

Fixed formatting

strump reviewed 2024-08-19 14:28:50 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

					
				@ -87,0 +91,4 @@

				        final String oauthToken = OsmOAuth.nativeAuthWithOAuth2Code(oauth2code);

				        final String username = (oauthToken == null) ? null : OsmOAuth.nativeGetOsmUsername(oauthToken);

				        UiThread.run(() -> {

				          processAuth(oauthToken, username);

strump commented

2024-08-19 14:28:50 +00:00

Fixed formatting

strump reviewed 2024-08-19 14:29:09 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

					
				@ -87,0 +91,4 @@

				        final String oauthToken = OsmOAuth.nativeAuthWithOAuth2Code(oauth2code);

				        final String username = (oauthToken == null) ? null : OsmOAuth.nativeGetOsmUsername(oauthToken);

				        UiThread.run(() -> {

				          processAuth(oauthToken, username);

strump commented

2024-08-19 14:29:09 +00:00

Changed to .isEmpty()

Changed to `.isEmpty()`

Jean-BaptisteC (Migrated from github.com) requested changes 2024-08-19 15:09:40 +00:00

Jean-BaptisteC (Migrated from github.com) left a comment

❌ Pixel 6 - Android 14
Rotate device on login fragment -> crash
IMO, it's better to keep button to create an account outside of bottomsheet

❌ Pixel 6 - Android 14 Rotate device on login fragment -> crash IMO, it's better to keep button to create an account outside of bottomsheet

biodranik (Migrated from github.com) reviewed 2024-08-19 18:12:58 +00:00

biodranik (Migrated from github.com) left a comment

Thanks! Some nits and unfixed comments from last time.

android/app/src/main/cpp/app/organicmaps/Framework.cpp

biodranik (Migrated from github.com) commented

2024-08-19 18:06:56 +00:00

  std::string const & code = frm()->GetParsedOAuth2Code();
  return jni::ToJavaString(env, code);

```suggestion std::string const & code = frm()->GetParsedOAuth2Code(); return jni::ToJavaString(env, code); ```

android/app/src/main/cpp/app/organicmaps/editor/OsmOAuth.cpp

biodranik (Migrated from github.com) commented

2024-08-19 18:07:06 +00:00

  auto const auth = OsmOAuth::ServerAuth();
  return ToJavaString(env, auth.BuildOAuth2Url());

```suggestion auto const auth = OsmOAuth::ServerAuth(); return ToJavaString(env, auth.BuildOAuth2Url()); ```

android/app/src/main/java/app/organicmaps/editor/OsmLoginBottomFragment.java

biodranik (Migrated from github.com) commented

2024-08-19 18:08:02 +00:00

public class OsmLoginBottomFragment extends BottomSheetDialogFragment
{

Please update Android Studio formatter according to our code style and fix it everywhere.

```suggestion public class OsmLoginBottomFragment extends BottomSheetDialogFragment { ``` Please update Android Studio formatter according to our code style and fix it everywhere.

biodranik (Migrated from github.com) commented

2024-08-19 18:08:22 +00:00

2 spaces instead of 4 everywhere

biodranik (Migrated from github.com) commented

2024-08-19 18:09:08 +00:00

Why the text is cleared?

android/app/src/main/res/layout/fragment_osm_login_bottom.xml

biodranik (Migrated from github.com) commented

2024-08-19 18:10:12 +00:00

?

biodranik (Migrated from github.com) commented

2024-08-19 18:10:32 +00:00

For some reason, formatting is inconsistent.

editor/osm_auth.cpp

biodranik (Migrated from github.com) commented

2024-08-19 18:11:44 +00:00

   return requestTokenUrl.append('?').append(requestTokenQuery);

Please use std::string everywhere.

```suggestion return requestTokenUrl.append('?').append(requestTokenQuery); ``` Please use std::string everywhere.

strump reviewed 2024-08-20 06:37:17 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginBottomFragment.java

strump commented

2024-08-20 06:37:17 +00:00

Layout has the button and the progress bar at the same place. When authentication is in progress we disable button and show progress bar. If we don't clear button text it would look like:

Layout has the button and the progress bar at the same place. When authentication is in progress we disable button and show progress bar. If we don't clear button text it would look like: ![vlcsnap-2024-08-20-09h34m13s156](https://github.com/user-attachments/assets/af1ec057-3c19-4eb4-b925-a64998f34066)

strump reviewed 2024-08-20 07:17:46 +00:00

android/app/src/main/res/layout/fragment_osm_login_bottom.xml

strump commented

2024-08-20 07:17:46 +00:00

Fixed formatting

strump reviewed 2024-08-20 07:17:52 +00:00

android/app/src/main/res/layout/fragment_osm_login_bottom.xml

strump commented

2024-08-20 07:17:52 +00:00

Fixed XML formatting

strump reviewed 2024-08-20 07:18:08 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginBottomFragment.java

strump commented

2024-08-20 07:18:08 +00:00

Reformatted this class

strump reviewed 2024-08-20 07:23:51 +00:00

android/app/src/main/java/app/organicmaps/editor/OsmLoginFragment.java

					
				@ -87,0 +91,4 @@

				        final String oauthToken = OsmOAuth.nativeAuthWithOAuth2Code(oauth2code);

				        final String username = (oauthToken == null) ? null : OsmOAuth.nativeGetOsmUsername(oauthToken);

				        UiThread.run(() -> {

				          processAuth(oauthToken, username);

strump commented

2024-08-20 07:23:51 +00:00

I replaced this code with Utils.openUri(...). It handles missing browser error.

I replaced this code with `Utils.openUri(...)`. It handles missing browser error.

strump reviewed 2024-08-20 07:26:33 +00:00

android/app/src/main/java/app/organicmaps/intent/Factory.java

strump commented

2024-08-20 07:26:33 +00:00

I don't know if it makes sense. I copied this line from previous case blocks.

Shoul be removed?

I don't know if it makes sense. I copied this line from previous `case` blocks. Shoul be removed?

biodranik (Migrated from github.com) requested changes 2024-08-21 09:53:54 +00:00

biodranik (Migrated from github.com) left a comment

Thanks!

@strump this is a bad UX:

two login buttons (which one should a grandpa choose?)
No Register button for new users
No forget password for existing users

Note that web browser login won't work smoothly on many custom/ungoogled firmware, it has been reported by other developers doing a similar web-based OSM auth.

As we really need a web login for the Google Play version only, let's leave an old UI for other flavors, and show only a web login button for Google Play version.

Thanks! @strump this is a bad UX: - two login buttons (which one should a grandpa choose?) - No Register button for new users - No forget password for existing users Note that web browser login won't work smoothly on many custom/ungoogled firmware, it has been reported by other developers doing a similar web-based OSM auth. As we really need a web login _for the Google Play version only_, let's leave an old UI for other flavors, and show only a web login button for Google Play version. ![выява](https://github.com/user-attachments/assets/f4b84bc8-7fa7-4e0d-a01b-43ff69ea78a1)

This repo is archived. You cannot comment on pull requests.

No reviewers

rtsisyk

Jean-BaptisteC

biodranik