[BUG] Redirecting "Open in App" URL schemes for login purposes

[Software-Cat]

Describe the bug

The login process for certain apps requires opening a website in the browser, then using the "Open in App" functionality to send the auth token to the app.

For instance, to log in to Winston for Reddit, you must perform some steps in the app, then open a website in the browser https://app.winston.cafe/auth-success?state=EXAMPLE_STATE&code=EXAMPLE_CODE, then click the "Jump to Winston" link, upon which the auth token is sent to the app.

<a href="winstonapp://auth-success?state=EXAMPLE_STATE&code=EXAMPLE_CODE"></a>

Here, the link has a special href beginning with winstonapp://, meaning it attempts to open Winston directly, not Winston in live container.

In an attempt to fix this, I ran a Nginx server hosting a link but with winstonapp:// replaced with livecontainer://. Upon clicking the link, I was indeed prompted to "Open in Livecontainer", however, the auth token did not get sent through to Winston running in livecontainer, thus making the app impossible to login.

Instructions to reproduce

1. Install Winston for Reddit to livecontainer
2. Follow the Reddit API app creation process
3. Be prompted to "Authenticate", which links you to app.winston.cafe.
4. TEST1: Directly clicking "Jump to Winston" does not work.
5. Inspect the "Jump to Winston" element to determine its href
6. Run a server hosting the link but replace winstonapp -> livecontainer
7. TEST2: Click the link and observe that "Open in Livecontainer" works, BUT it still does not login

What version of LiveContainer are you using?

3.1.0-release (main/7b23e9e)

Other info

Related Issue: #162

[hugeBlack]

There's a link button on the top right corner of LiveContainer so you can use that to open your login url scheme

[Software-Cat]

Thanks for your help!

Just attempted it. Winston opens correctly but after that in-app safari opens automatically and navigates to https://auth-success/?state=…&code=… A nonexistent website.

I have not personally seen any other app using this login method so probably low priority for now. Really excited by some of the updates coming out for 3.1

[hugeBlack]

In 3.1.0 I made some changes to how "open in app", you can have a try. I didn't do before this because I think extracting url schemes from Safari is quite difficult to preform on-device.

1. open the app and try to login
2. finish the login
3. construct live container's "open in app" url scheme with reference to this shortcut: https://www.icloud.com/shortcuts/44ea82ce7ed8469ea24198c375db09a0
4. Open the constructed url scheme (leave the app open) and see if login completes

[Mspy1]

I tried to replicate this for Regram authentication, however. Pressing login on the regram website tries to redirect you to official instagram app. I tried to redirect it to Livecontainer with the shortcut but no luck. Deleting instagram results in app throwing ‘’Safari cannot open this app because the adress is invalid”.

[hugeBlack]

you should send the url scheme you extracted to the shortcut, not the website. We cannot intercept url schemes (the thing redirects you to the official app) inside safari.

If you don't know how to extract, try another way of login.

[Mspy1]

I only changed href to redirect the app authentication to LiveContainer instead of the Instagram app. But it did not work as the app doesn’t see it. Also, I think I might not know how to do it properly. Thanks for the long reply anyway.

[hugeBlack]

@Mspy1 Alright, it seems you didn't get my point. Let me give you an example:

1. Finish login in safari.
2. You extract your url scheme and it may look like this: instagram://login=xxxxx
3. Base64 encode it, it now becomes this: aW5zdGFncmFtOi8vbG9naW49eHh4eHg=
4. Construct live container's "open in app" url : livecontainer://open-url?url=aW5zdGFncmFtOi8vbG9naW49eHh4eHg=
5. Open this url in safari and it will jump to LiveContainer. LiveContainer then convert the url back to original one and send it to Instagram.

[Mspy1]

I managed to login. Thanks for the help.

[michael1900]

I managed to login. Thanks for the help.

What procedure did you use to extract the url scheme? Thanks

[Software-Cat]

I managed to login. Thanks for the help.

Regram login was very inconsistent for me.

• Using "Open in Livecontainer" Shortcut with livecontainer://open-url?url=...
  • nothing happens
• Using "Open in Livecontainer" Shortcut with livecontainer://open-web-page?url=...
  • nothing happens for both keep current app open and close current app
• Closing Regram, using the link icon on top right corner.
  • WORKS

Tested on newest build at time of writing: hugeBlack@386ae51

[Software-Cat]

What procedure did you use to extract the url scheme? Thanks

Procedure for Brave Browser iOS:

1. Make sure the sideloaded app only exists in livecontainer and is not sideloaded normally
2. Begin login from app, in app safari will open
3. Click the safari icon on top right corner of in-app safari to open the same web page but in your default browser (Brave)
4. Complete login from web page in brave
5. Brave asks you whether to switch apps, click Allow.
6. Since the app doesn't actually exist, brave opens a new page using the URL schema instead, because it assumes the URL schema is a website.
7. Copy the schema from the URL box.

[dnfanjos]

I tried all of these methods with Dragalia Lost (Private Server) and could not do anything
It uses the pop-up window login instead of a browser and only allow login whilst that popup window is open
Trying to log in using another browser, or getting the schema and using the link button does not work and just opens the app as normal.
Thankfully the game is playable without an account, but it would be cool to sync my progress (and there must be games out there that require login)

[Impure2411]

@Mspy1 Alright, it seems you didn't get my point. Let me give you an example:

1. Finish login in safari.
2. You extract your url scheme and it may look like this: instagram://login=xxxxx
3. Base64 encode it, it now becomes this: aW5zdGFncmFtOi8vbG9naW49eHh4eHg=
4. Construct live container's "open in app" url : livecontainer://open-url?url=aW5zdGFncmFtOi8vbG9naW49eHh4eHg=
5. Open this url in safari and it will jump to LiveContainer. LiveContainer then convert the url back to original one and send it to Instagram.

Thanks, it works for Winston.

1. Choose Advanced
2. Follow instructions
3. Extract "auth-success?state=EXAMPLE_STATE&code=EXAMPLE_CODE" part from the url and add "winstonapp://" before it (winstonapp://auth-success?state=EXAMPLE_STATE&code=EXAMPLE_CODE)
4. Encode it
5. Add it to "livecontainer://open-url?url=" and open it in your browser