Why is Android Browser denying me permission to callback from OAuth?

Question

I am trying to get OAuth working for a service provider website. Everything goes well with the authentication until the callback. It's actually calling back with the proper URL (the one I specified both on the provider's registration site as well as the call to provider.retrieveRequestToken()

I am doing this:

provider.retrieveRequestToken(consumer, "my-app:///" );

And the URL I actually get back is exactly what I'd expect - "my-app:///?[a bunch of params including my access token]"

But at this point the browser says I do not have permission to access that URL. My manifest is set up like so:

<activity android:name=".Selector"
            android:label="@string/app_name">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        <intent-filter>
             <action android:name="android.intent.action.VIEW" />
             <category android:name="android.intent.category.DEFAULT" />
             <category android:name="android.intent.category.BROWSABLE" />
             <data android:scheme="my-app"/>
        </intent-filter>
        </activity>

Am I missing something? Maybe a permission?

Answer 1

I've implemented an intent-based OAuth callback in SMS Backup+. From user feedback I've found that a few browsers (e.g. Opera Mini) won't actually handle non-http schemes correctly, so this could be the issue as well. Try in an emulator with a stock browser first.

Some phones (Droid X) even ship with broken browsers by default, so this method doesn't work reliably across devices. I'm currently looking for a better solution, an alternative would be to use OOB callback handling, but that's not very user-friendly.