bug: Expo client cannot use expo go redirect_uri about logto HOT 6 OPEN

Hi @artalat , this is intended by Logto, since your app is a native app, you need to use a reverse domain name notation for your scheme according to the RFC when using OAuth 2.0.

from logto.

Hi @xiaoyijun , thank you for your response. But this distrupts the Expo development process. As Expo's offical Expo Go app uses this scheme. In Expo, for managed workflow apps, development is done on Expo Go. So this is a problem.

Besides, if the OS is not enforcing this limitation, why should Logto?

from logto.

@xiaoyijun let's discuss this next week

from logto.

Any update on this?

from logto.

@artalat, on which platform did you execute Expo Go? If it was iOS, you can define a custom redirect URI e.g. app.my//callback and pass it to the AuthSession instead of the default exp://XXXX one, which should unblock your development.

However, I'm afraid that this won't work on Android. Custom redirect URIs might not invoke the Expo Go app correctly on Android.

To conduct testing on Android, you'll need to build an Android package instead of relying on Expo Go, and set the custom scheme in the App.json file. This ensures everything works properly on the production packages.

The private use native client scheme is restricted by the OAuth2.0 spec.

For private-use URI scheme-based redirects, authorization servers
SHOULD enforce the requirement in Section 7.1 that clients use
schemes that are reverse domain name based. At a minimum, any
private-use URI scheme that doesn't contain a period character (".")
SHOULD be rejected.

Let me know if this helps.

from logto.

@simeng-li Thanks for your detailed response, apart from the hassle this causes, my point is if the OS/platform allows setting a scheme without a ".", Logto shouldnt enforce this restriction for those specific OS/Platforms

from logto.