microsoft-authentication-library-for-android: Problem opening URL links

Describe the bug We are receiving an error (thus killing the journey) when trying to open a link inside one of our journeys. It’s live in production.

Smartphone (please complete the following information):

  • Device: All
  • Android Version: All
  • Browser Chrome
  • MSAL Version 1.5.4

Stacktrace No crash, just an error from MSAL: The webView was redirected to an unsafe URL. Redirect url scheme not SSL protected

To Reproduce

  1. We open one of our journeys for example: “Terms and conditions”
  2. Click a link that should redirect to another URL (external URL)

Expected behavior The link should open in the webview or redirect and open on chrome (or any default external browser)

Actual Behavior MSAL returns an error and the app treats as a generic error

MSALServiceException also didn’t return the clicked URL tried to open

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 2
  • Comments: 23 (7 by maintainers)

Most upvoted comments

Hi @shahzaibj , any suggestion following @ralexandre-ciandt 's response? We just want to be able to open these links in the browser, without closing the user journey. It should be a common use case, considering links to T&C and PP (external pages). Or even links to customer center’s phone and email address (triggering phone’s default behavior).

Hi @shahzaibj Tks for getting back to us. I understand your point when you mention the main goal of Azure B2C as an IAM tool. However, the scenario we are presenting must be a common situation for sure:

Our native app calls the Sign Up journey (B2C) and load the proper form in a webview. During the registration flow, we must present the Terms & Conditions and the Privacy Policy. It’s a legal requirement for every Sign Up flow.

Within these texts, we have some external links we would like to call the native behavior… For instance, links should be opened in a new browser window, mailto links must open the mail tool, tel links open the phone ready to dial, etc. After performing whatever the user wants, they must be able to switch back to our app in the same state as when they left. Without the need to restart the journey whatsoever.

I think the question here is… since MSAL intercepts these links, how to achieve the expected behaviors stated above? I’m pretty sure it’s a very common situation in many T&C and PP text, or even a simple contact us link or phone.

Please sry if I’m missing anything from your previous message, but we need the guidance to finally close this issue that have been pushing us away from the best customer experience.

Thank you!