fix: handle custom URL scheme verification for mobile apps #2471

Merged: broody merged 1 commit into main from kronosapiens/fix-custom-scheme-verify on Mar 5, 2026
@kronosapiens
Contributor

Summary

  • When mobile apps use custom URL schemes (e.g. com.example.app://callback), new URL().origin returns "null", causing origin verification to always fail with "Application domain does not match the configured domain"
  • Adds special handling in isOriginVerified to match the URL scheme (protocol) against allowed origins when the origin is "null"
  • Passes the full redirectUrl (instead of redirectOrigin) to isOriginVerified so the function can parse custom schemes correctly

Test plan

  • Added unit tests for custom URL scheme verification (Android/iOS bundle IDs)
  • Existing origin verification tests continue to pass
  • Manual test with mobile app using custom scheme redirect

🤖 Generated with Claude Code

When mobile apps use custom URL schemes (e.g. com.example.app://callback),
new URL().origin returns "null", causing origin verification to fail.
This adds special handling in isOriginVerified to match the URL scheme
against allowed origins for custom protocols.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vercel

vercel bot commented Mar 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| controller-example-next | Ready | Preview | Mar 5, 2026 9:53pm |
| keychain | Ready | Preview | Mar 5, 2026 9:53pm |
| keychain-storybook | Ready | Preview | Mar 5, 2026 9:53pm |

@broody broody merged commit 316f5c4 into main Mar 5, 2026
12 checks passed
@broody broody deleted the kronosapiens/fix-custom-scheme-verify branch March 5, 2026 22:00
@claude
Contributor

claude bot commented Mar 5, 2026

Claude finished @kronosapiens's task

Analysis Complete

Task: Review changes in controller repository and update docs repository if user-facing behavior changed.

Summary

The Fix:
PR #2471 fixed a bug where custom URL schemes (like com.example.app://callback) used by mobile apps failed origin verification. The implementation:

  • Detects when new URL().origin returns "null" (which happens for custom schemes)
  • Extracts the protocol/scheme (e.g., com.example.app) and matches it against allowed origins
  • Example: xyz.studio.game://deeplink now matches if xyz.studio.game is in allowed origins

Decision: NO DOCUMENTATION CHANGES NEEDED

Rationale:
Following the strict documentation rules:

  1. DEFAULT TO NO CHANGES: This is an internal bug fix, not a new feature
  2. No behavioral change from user perspective: Users were already supposed to be able to use custom URL schemes - this fix makes it work as intended
  3. No API changes: The origin field format remains the same - users still list allowed origins as strings
  4. Implementation detail: How the origin verification handles custom schemes internally is not user-facing configuration

The existing documentation in presets.md already correctly shows that users should add their origins to the origin array. The bug was that custom URL schemes didn't actually work for verification - now they do. Users don't need to change anything about how they configure origins.

Docs reviewed:

  • docs-repo/src/pages/controller/presets.md - Documents origin field configuration
  • docs-repo/src/pages/controller/native/capacitor.md - Shows redirect URL usage
  • docs-repo/src/pages/controller/native/react-native.md - Shows session flow
  • docs-repo/src/pages/controller/native/android.md - Android integration
  • docs-repo/src/pages/controller/native/ios.md - iOS integration

No updates required.
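
The check this PR describes, sketched as an added example that is not the project's code: a redirect URL whose `new URL().origin` is "null" is matched by its scheme, everything else by its origin. The names `redirectKey` and `isRedirectAllowed`, the allow-list format (full origins for web entries, bare schemes for apps), the blocked-scheme set and all sample values are assumptions made for illustration.

```javascript
// Added example; function names and sample values are hypothetical.
// Assumed allow-list format: full origins for web entries, bare schemes for apps.

// These schemes also produce origin "null"; never accept them as redirect targets.
const NEVER_ALLOWED_SCHEMES = new Set(["javascript", "data", "file"]);

// Reduce a redirect URL to the value compared against the allow-list.
function redirectKey(redirectUrl) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch {
    return null; // unparseable input is rejected outright
  }
  if (url.origin !== "null") {
    return { kind: "origin", value: url.origin }; // e.g. http(s) has a real origin
  }
  // Custom scheme: the parser lowercases it; strip the trailing ":".
  const scheme = url.protocol.slice(0, -1);
  if (NEVER_ALLOWED_SCHEMES.has(scheme)) return null;
  return { kind: "scheme", value: scheme };
}

// Exact comparison only: no prefix, suffix or substring matching, and the
// literal string "null" is never the value that gets compared.
function isRedirectAllowed(redirectUrl, allowedOrigins) {
  const key = redirectKey(redirectUrl);
  if (key === null) return false;
  return allowedOrigins.some((entry) => entry.trim().toLowerCase() === key.value);
}

// Constructed sample data.
const ALLOWED = ["https://game.example", "xyz.studio.game"];
const SAMPLES = [
  "xyz.studio.game://deeplink",       // allowed custom scheme
  "XYZ.Studio.Game://deeplink",       // same scheme, different case
  "xyz.studio.game.evil://deeplink",  // look-alike scheme
  "https://game.example/callback",    // allowed web origin
  "https://game.example.evil.test/",  // look-alike host
  "file:///tmp/x",                    // origin "null", blocked scheme
];
for (const s of SAMPLES) {
  console.log(isRedirectAllowed(s, ALLOWED) ? "allow" : "deny ", s);
}
```

Because several unrelated schemes share the "null" origin, the comparison has to be made on the parsed scheme itself, never on the origin string.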

