-
Bug
-
Resolution: Fixed
-
Major
-
4.3
During the last year, we have received several reports about Moodle sites not properly launching the app via URL schemes, in some cases the app is not launching anymore while in others, it is working randomly, we thing this could be related also to changes in how secure cookies are treated by web browsers.
In most cases this has happened when:
- The Moodle site is using an auth plugin that is not part of Moodle core distribution
- The Moodle site is using a combination of auth plugin + MFA
- The Moodle site is using Google OAuth plus MFA
- The Moodle site is under Cloudfare or simular solutions
- The Moodle site is behind load balancers
- Some recent Android versions block the redirect to the custom scheme when the app is using the inapp browser for completing the login process on the site
We are trying to make our current support more solid to at least provide a fallback that could eventually work in some of those situations that are out of our control
To know more about how the current login via custom URL schemes on the app work please check: MDL-53777
The proposed idea consists of basically set a cookie indicating that a Mobile app launch is in process and once the user is logged in, ensuring that $SESSION->wantsurl is properly set thanks to that cookie.
The cookie has a limited lifespan, basically the login process, it is just functional (for authentication) so users do not have to accept it in advance.
Well eventually require a back port of this