[Bug] Release 5.196.2 broke Custom Tabs Android Login support

[Sparowhawk]

Describe the bug

In our app we use Custom tabs for Android. However this 5.196.2 release forced the web page to open in Duck Duck go. This is a problem with our login feature specifically as all 4 of our login services that we support send us a callback url that we listen for to complete our login process and obtain our refresh token. As a result this either forces us to force the user to use chrome or another supported browser otherwise they can no longer login. There should be a flag to specifically disable this for this use case.

How to Reproduce

Have an app that requires a web browser for login. Try to login to that app with Duck Duck go as the default browser. No longer able to login as it is impossible to pass the login result back to the app.

Expected behavior

There should be a flag to turn on or off this behavior so that login/oauth processes still work for apps.

Environment

- DDG App Version: 5.196.2
- Device: All
- OS: Android

[github-actions]

Thank you for opening an Issue in our Repository.
The issue has been forwarded to the team and we'll follow up as soon as we have time to investigate.
As stated in our Contribution Guidelines, requests for feedback should be addressed via the Feedback section in the Android app.

[anikiki]

@Sparowhawk Thank you for raising the issue.

In the How to reproduce section, you specified Have an app that requires a web browser for login. Could you please provide an example of such an app so that we can investigate further?

[Sparowhawk]

The VA Health and Benefits app is one such app. Any other VA app also uses the same web/oauth login.

The reason is they use id.me/dslogon or 2 other services that are rarely used. The issue is all those authentication services use web url redirects to pass back a token for further use in other api's.

So by opening up the url direct in the browser instead of the app it severs the callback nature allowing web logins to work.

[Sparowhawk]

Any veterans with only duck duck go as a browser on their device with the new update can no longer log in. If they have it as default with other browsers installed they currently can't login until they change their default until one of their prs get merged ignoring duck duck go if another browser is installed.

[anikiki]

Thank you for the details, we acknowledge the situation.

I noticed that an exception for DuckDuckGo has already been incorporated into the VA app code CustomTabsIntentModule.kt#L96-L106.

We'd like to address this on our end, but we require access to an app for testing purposes. Since the VA app needs a US Government login which we do not have access to, we are unable to proceed with the fix until we find a suitable testing app.

[FaqatZubair1]

Try any mastodon client (as in my case is mastify). When you try to login on mastodon.social, it will redirect to oauth url.

[anikiki]

Thanks @FaqatZubair1! This is very useful.

[anikiki]

Try any mastodon client (as in my case is mastify). When you try to login on mastodon.social, it will redirect to oauth url.

@FaqatZubair1 This is now fixed in the latest version. Thanks for reporting.

[anikiki]

Closing this issue as the mastodon client was fixed. We can't test the other apps mentioned due to lack of credentials.