Merge pull request #125 from pavikaa/feature/ephemeral_chrome_tab

Implement ephemeral custom tabs

Author: kalinjul

gradle/libs.versions.toml

@@ -1,6 +1,6 @@
 [versions]
-compileSdk = "35"
-targetSdk = "35"
+compileSdk = "36"
+targetSdk = "36"
 minSdk = "21"
 
 jvmTarget = "17"
@@ -57,7 +57,7 @@ material-icons = "1.7.3"
 androidx-activity-compose = { module = "androidx.activity:activity-compose", version.ref = "androidxActivity" }
 androidx-appcompat = { module = "androidx.appcompat:appcompat", version.ref = "androidxAppCompat" }
 androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "coreKtx" }
-androidx-browser = { module = "androidx.browser:browser", version = "1.8.0" }
+androidx-browser = { module = "androidx.browser:browser", version = "1.9.0-rc01" }
 androidx-security-crypto-ktx = { module = "androidx.security:security-crypto-ktx", version.ref = "securityCryptoKtx" }
 androidx-security-crypto = { module = "androidx.security:security-crypto", version.ref = "securityCryptoKtx" }
 
@@ -84,7 +84,7 @@ ktor-client-core = { module = "io.ktor:ktor-client-core", version.ref = "ktor" }
 ktor-client-darwin = { module = "io.ktor:ktor-client-darwin", version.ref = "ktor" }
 ktor-client-okhttp = { module = "io.ktor:ktor-client-okhttp", version.ref = "ktor" }
 ktor-client-auth = { module = "io.ktor:ktor-client-auth", version.ref = "ktor" }
-ktor-client-contentnegotiation = { module = "io.ktor:ktor-client-content-negotiation", version.ref = "ktor"}
+ktor-client-contentnegotiation = { module = "io.ktor:ktor-client-content-negotiation", version.ref = "ktor" }
 ktor-client-serialization = { module = "io.ktor:ktor-client-serialization", version.ref = "ktor" }
 ktor-serialization-kotlinx-json = { module = "io.ktor:ktor-serialization-kotlinx-json", version.ref = "ktor" }
 ktor-client-logging = { module = "io.ktor:ktor-client-logging", version.ref = "ktor" }
@@ -97,7 +97,7 @@ ktor-server-netty = { module = "io.ktor:ktor-server-netty", version.ref = "ktor"
 
 okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" }
 assertk = { module = "com.willowtreeapps.assertk:assertk", version.ref = "assertk" }
-material-icons-core = { module = "org.jetbrains.compose.material:material-icons-core", version.ref = "material-icons"}
+material-icons-core = { module = "org.jetbrains.compose.material:material-icons-core", version.ref = "material-icons" }
 
 # Build logic dependencies
 android-gradlePlugin = { module = "com.android.tools.build:gradle", version.ref = "agp" }
@@ -124,10 +124,10 @@ android-library = { id = "com.android.library", version.ref = "agp" }
 composeMultiplatform = { id = "org.jetbrains.compose", version.ref = "compose-multiplatform" }
 compose-compiler = { id = "org.jetbrains.kotlin.plugin.compose", version.ref = "kotlin" }
 ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" }
-kmp = { id = "org.jetbrains.kotlin.multiplatform", version.ref = "kotlin"}
+kmp = { id = "org.jetbrains.kotlin.multiplatform", version.ref = "kotlin" }
 sqldelight = { id = "app.cash.sqldelight", version.ref = "sqldelight" }
 kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
-nexusPublish = { id = "io.github.gradle-nexus.publish-plugin", version.ref = "nexus-publish-plugin"}
+nexusPublish = { id = "io.github.gradle-nexus.publish-plugin", version.ref = "nexus-publish-plugin" }
 multiplatform-swiftpackage = { id = "io.github.luca992.multiplatform-swiftpackage", version.ref = "multiplatform-swiftpackage" }
 dokka = { id = "org.jetbrains.dokka", version.ref = "dokka" }
 swiftklib = { id = "io.github.ttypic.swiftklib", version.ref = "swiftklib" }

oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/AndroidCodeAuthFlowFactory.kt

@@ -23,10 +23,21 @@ import org.publicvalue.multiplatform.oidc.flows.EndSessionFlow
  */
 @Suppress("unused")
 class AndroidCodeAuthFlowFactory(
-    /** If true, uses an embedded WebView instead of Chrome CustomTab (not recommended) **/
+    /**
+     * If `true`, an embedded WebView is used for the authorization flow.
+     * This is generally **not recommended** due to security and UX concerns.
+     *
+     * If `false` (default), Chrome Custom Tabs are preferred (if available),
+     * falling back to a WebView only if no suitable browser is found.
+     */
     private val useWebView: Boolean = false,
-    /** Clear cache and cookies in WebView **/
-    private val webViewEpheremalSession: Boolean = false,
+
+    /**
+     * If `true`, the authorization session will be ephemeral:
+     * cookies, cache, and other session data will be cleared before starting
+     * the flow in both WebView and Custom Tabs (if supported).
+     */
+    private val ephemeralSession: Boolean = false,
     /** preferred custom tab providers, list of package names in order of priority. Check [Browser][org.publicvalue.multiplatform.oidc.appsupport.customtab.Browser] for example values. **/
     private val customTabProviderPriority: List<String> = listOf()
 ): CodeAuthFlowFactory {
@@ -70,18 +81,19 @@ class AndroidCodeAuthFlowFactory(
     }
 
     override fun createAuthFlow(client: OpenIdConnectClient): PlatformCodeAuthFlow {
+        val customTabProviders = context.getCustomTabProviders().map { it.activityInfo.packageName }
         val preferredBrowserPackage = if (customTabProviderPriority.isNotEmpty()) {
-            val customTabProviders = context.getCustomTabProviders().map { it.activityInfo.packageName }
-            val presentPreferredProviders = customTabProviderPriority.filter { customTabProviders.contains(it) }
+            val presentPreferredProviders =
+                customTabProviderPriority.filter { customTabProviders.contains(it) }
             presentPreferredProviders.firstOrNull()
-        } else null
+        } else customTabProviders.firstOrNull()
 
         return PlatformCodeAuthFlow(
             context = context,
             contract = activityResultLauncher,
             client = client,
             useWebView = useWebView,
-            webViewEpheremalSession = webViewEpheremalSession,
+            ephemeralSession = ephemeralSession,
             preferredBrowserPackage = preferredBrowserPackage
         )
     }

oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/HandleRedirectActivity.kt

@@ -1,7 +1,6 @@
 package org.publicvalue.multiplatform.oidc.appsupport
 
 import android.content.Intent
-import android.net.Uri
 import android.os.Bundle
 import android.view.ViewGroup
 import android.webkit.CookieManager
@@ -11,14 +10,16 @@ import android.webkit.WebSettings
 import android.webkit.WebView
 import android.webkit.WebViewClient
 import androidx.activity.ComponentActivity
+import androidx.browser.customtabs.CustomTabsClient
 import androidx.browser.customtabs.CustomTabsIntent
+import androidx.core.net.toUri
 import androidx.core.view.ViewCompat
 import androidx.core.view.WindowInsetsCompat
 import androidx.core.view.updateLayoutParams
 import org.publicvalue.multiplatform.oidc.ExperimentalOpenIdConnect
 
 internal const val EXTRA_KEY_USEWEBVIEW = "usewebview"
-internal const val EXTRA_KEY_WEBVIEW_EPHEREMAL_SESSION = "webview_epheremal_session"
+internal const val EXTRA_KEY_EPHEMERAL_SESSION = "ephemeral_session"
 internal const val EXTRA_KEY_REDIRECTURL = "redirecturl"
 internal const val EXTRA_KEY_URL = "url"
 internal const val EXTRA_KEY_PACKAGE_NAME = "package"
@@ -107,7 +108,7 @@ class HandleRedirectActivity : ComponentActivity() {
     override fun onResume() {
         super.onResume()
         val useWebView = intent.extras?.getBoolean(EXTRA_KEY_USEWEBVIEW)
-        val webViewEpheremalSession = intent.extras?.getBoolean(EXTRA_KEY_WEBVIEW_EPHEREMAL_SESSION)
+        val ephemeralSession = intent.extras?.getBoolean(EXTRA_KEY_EPHEMERAL_SESSION)
         val url = intent.extras?.getString(EXTRA_KEY_URL)
         val redirectUrl = intent.extras?.getString(EXTRA_KEY_REDIRECTURL)
 
@@ -129,24 +130,48 @@ class HandleRedirectActivity : ComponentActivity() {
                 // do not navigate to the login page again in this activity instance
                 intent.removeExtra(EXTRA_KEY_URL)
                 // get preferred browser if set
-                val browserPackage = intent.extras?.getString(EXTRA_KEY_PACKAGE_NAME)
+                val preferredBrowserPackage = intent.extras?.getString(EXTRA_KEY_PACKAGE_NAME)
                 intent.removeExtra(EXTRA_KEY_PACKAGE_NAME)
                 if (useWebView == true) {
-                    showWebView(url, redirectUrl, webViewEpheremalSession ?: false)
+                    showWebView(url, redirectUrl, ephemeralSession ?: false)
                 } else {
-                    launchCustomTabsIntent(url, browserPackage)
+                    launchCustomTabsIntent(
+                        url,
+                        redirectUrl,
+                        preferredBrowserPackage,
+                        ephemeralSession
+                    )
                 }
             }
         }
     }
 
-    private fun launchCustomTabsIntent(url: String?, browserPackage: String?) {
+    @OptIn(ExperimentalOpenIdConnect::class)
+    private fun launchCustomTabsIntent(
+        url: String,
+        redirectUrl: String?,
+        preferredBrowserPackage: String?,
+        ephemeralSession: Boolean?
+    ) {
         val builder = CustomTabsIntent.Builder()
         builder.configureCustomTabsIntent()
+
+        if (preferredBrowserPackage != null) {
+            // Enable ephemeral browsing if supported
+            if (CustomTabsClient.isEphemeralBrowsingSupported(this, preferredBrowserPackage)) {
+                builder.setEphemeralBrowsingEnabled(ephemeralSession ?: false)
+            }
+        } else {
+            // If custom tabs are not available, fallback to WebView
+            showWebView(url, redirectUrl, ephemeralSession ?: false)
+            return
+        }
+
+
         val intent = builder.build()
 
-        browserPackage?.let { intent.intent.setPackage(it) }
-        intent.launchUrl(this, Uri.parse(url))
+        preferredBrowserPackage.let { intent.intent.setPackage(it) }
+        intent.launchUrl(this, url.toUri())
     }
 
     override fun onNewIntent(intent: Intent) {

oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/PlatformCodeAuthFlow.android.kt

@@ -21,7 +21,7 @@ actual class PlatformCodeAuthFlow(
     context: Context,
     contract: ActivityResultLauncherSuspend<Intent, ActivityResult>,
     useWebView: Boolean = false,
-    webViewEpheremalSession: Boolean = false,
+    ephemeralSession: Boolean = false,
     preferredBrowserPackage: String? = null,
     actual override val client: OpenIdConnectClient,
 ) : CodeAuthFlow, EndSessionFlow {
@@ -30,7 +30,7 @@ actual class PlatformCodeAuthFlow(
         context = context,
         contract = contract,
         useWebView = useWebView,
-        webViewEpheremalSession = webViewEpheremalSession,
+        ephemeralSession = ephemeralSession,
         preferredBrowserPackage = preferredBrowserPackage
     )
 

oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/WebActivityFlow.kt

@@ -9,7 +9,7 @@ internal class WebActivityFlow(
     private val context: Context,
     private val contract: ActivityResultLauncherSuspend<Intent, ActivityResult>,
     private val useWebView: Boolean,
-    private val webViewEpheremalSession: Boolean,
+    private val ephemeralSession: Boolean,
     private val preferredBrowserPackage: String?,
 ) {
     internal suspend fun startWebFlow(requestUrl: Url, redirectUrl: String): ActivityResult {
@@ -26,10 +26,10 @@ internal class WebActivityFlow(
             .apply {
                 this.putExtra(EXTRA_KEY_URL, requestUrl)
                 this.putExtra(EXTRA_KEY_PACKAGE_NAME, preferredBrowserPackage)
+                this.putExtra(EXTRA_KEY_EPHEMERAL_SESSION, ephemeralSession)
                 if (useWebView) {
                     this.putExtra(EXTRA_KEY_USEWEBVIEW, true)
                     this.putExtra(EXTRA_KEY_REDIRECTURL, redirectUrl)
-                    this.putExtra(EXTRA_KEY_WEBVIEW_EPHEREMAL_SESSION, webViewEpheremalSession)
                 }
             }
         return intent