Using App Links for React Native Auth0 on Android

rmerch · April 16, 2025, 12:11pm

Issue Summary

We recently go pen tested and one of the major issues the tester discovered was they was able to hijack the apps scheme and get hold of an access token via another app. This is only possible on Android. The suggested fix for this was to use a registered domain rather that the bundle id in the redirect URL.

I’ve set up a domain and have associated it with the app and this all works fine. I’m able to use the domain and it opens the app.

My issue is I’m unable to get the redirect to work.

Expected: When I log in, I expect the app to open and the auth flow to continue in the same way when using the bundle id in the redirect.
Actual: The call back opens the app but I receive an error message The browser window was closed by a new instance of the application.

Steps to Reproduce if necessary

Setup the Android app according to the docs, setting the auth0Domain and auth0Scheme in the defaultConfig.
Add the callback and login out URL as instructed in the documentation.
Add the extra callbacks for the domain, using this structure https://example.com://{AUTH0_DOMAIN}/android/{PRODUCT_BUNDLE_IDENTIFIER}/callback
Add the customScheme to the authorize hook. (https://example.com)

Error / Debug Info

The browser window was closed by a new instance of the application

- Note: Remove or obfuscate any sensitive info (emails, tenant names, API keys, etc.) before posting.

Environment

Platform: (React Native - Android)
SDK/Library: (auth0-react-navive v4.4.0)
Versions: (e.g., React Native 0.75.4, Node.js v22.9.0, )

Additional Context

I’m using React Navigation to handle deep linking and I have added the domain as a prefix in the linking property of the Navigation Container. I’ve also configured the getInitialURL and subscribe functions. When auth0 redirect back to the app, I log the URL in both the getInitialURL and subscribe functions. getInitialURL returns null from Linking.getInitialURL(). But the Linking.addEventListener in the subscribe function returns https://example.com//{AUTH0_DOMAIN}/android/{PRODUCT_BUNDLE_IDENTIFIER}/callback?code=-{CODE}&state={STATE}

Topic		Replies	Views
Issue on Android: Auth0 not redirecting back to the app after Google login in React Native Expo Get Help login-experience , new-universal-login-experience	3	336	November 16, 2024
Auth0 authorize return undefined response in callback for android application having multiple flavors Get Help react-native-auth0 , sdks-quickstarts	4	192	January 31, 2025
React Native using Android Verifiable App Links Get Help login-experience , new-universal-login-experience	2	239	May 14, 2024
React Native Auth0 integration registered handler error while login Get Help login-experience , new-universal-login-experience	4	869	November 9, 2023
Auth0 Login Issue on Android (React Native Expo) Get Help login-experience , new-universal-login-experience	2	65	March 14, 2025