Self Service Account Creation in Authorization Code Flow Grant

My native Android app is currently using the API to authenticate and for account creation. I’m trying to use the Okta Mobile Kotlin library, specifically “Web Authentication using OIDC redirect”. The login flow is working, based on following the example in Samples Android => "Browser Sign In" sample. Now I’m trying to implement the “self service” account creation. The flow is like this:

  • In the app, click the “login/signup” button. This launches the Chrome Custom Tab that shows the login widget, i.e. like this:

    // Launch the browser-based (OIDC redirect) sign-in and suspend until it returns.
    val result = CredentialBootstrap.oidcClient.createWebAuthenticationClient().login(
        context = context,
        redirectUrl = BuildConfig.SIGN_IN_REDIRECT_URI,
    )

    when (result) {
        is OidcClientResult.Error -> {
            // The Custom Tab was cancelled or the code/token exchange failed.
            Timber.e(result.exception, "Failed to login.")
            _loginState.value =
                LoginScreenLoginState.LoginFailed(errorMessage = "Failed to login.")
        }
        is OidcClientResult.Success -> {
            // Persist the returned token in the default credential for later use.
            val credential = CredentialBootstrap.defaultCredential()
            credential.storeToken(token = result.result)
            _loginState.value = LoginScreenLoginState.LoggedIn
        }
    }
  • The user can log in or create an account. The user clicks to create an account, enters a new email/password, and is told to check their email.
  • The user checks their email and clicks “Verify” to activate the account. The user is redirected back to the client app. This cancels the web login flow, which is fine but maybe worth noting. Note that even if the app’s process is killed, the same behavior below still exists.
  • Based on the Intent returned from the email activation, the app detects that the user has just signed up. I was hoping that after the user clicked “Verify” the token would be available via CredentialBootstrap.defaultCredential(), but that doesn’t seem to be the case. Because of that, the app needs to go fetch a token, so the app launches the Chrome Custom Tab again (using the same code as above) to authenticate (so the app can get a token).
    This results in MANY redirects in the Chrome Custom Tab to the login screen. The experience is very jarring from the user’s perspective. It eventually returns to the app with a valid token, but again, it’s a very rough experience for the user.

To make sure it’s not a confounding issue in the main app I’m working on, I’ve modified this sample and see the same jarring redirect behavior there.

Is there another way to use the Okta-Mobile-Kotlin libraries / browser sign-in to support account creation in the app? Is there a sample app I could see, or any other guidance on how to provide a better flow? Or is there a way to automatically flow the token back to the app after validating the account? Or should I just open a case?
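As an added illustration (not code from the original post, and not Okta's own sample or guidance), the following Kotlin sketch shows two checks around the re-launch in the last step of the flow above: only treating an incoming Intent as the account-activation redirect when its scheme and host match the app's own configured redirect URI, and asking the stored credential for a valid token before opening the Custom Tab again, so a second browser round-trip happens only when the app really has no usable token. It assumes the okta-mobile-kotlin APIs already used in the post (CredentialBootstrap, createWebAuthenticationClient(), login(), storeToken()), plus that library's Credential.getValidAccessToken() and the optional extraRequestParameters map on login(); the import package paths, the SignInOutcome type and the helper names are assumptions made for this example.

```kotlin
import android.content.Context
import android.content.Intent
import android.net.Uri
// Package paths below are assumed for this example; check them against the library version in use.
import com.okta.authfoundation.client.OidcClientResult
import com.okta.authfoundationbootstrap.CredentialBootstrap
import com.okta.webauthenticationui.createWebAuthenticationClient

// Hypothetical result type for the caller (not part of the library).
sealed class SignInOutcome {
    object AlreadySignedIn : SignInOutcome()
    object SignedIn : SignInOutcome()
    data class Failed(val message: String) : SignInOutcome()
}

/**
 * Returns true only when [intent] is a VIEW intent whose data matches the scheme and host of
 * [expectedRedirect] (the app's own SIGN_IN_REDIRECT_URI). Any other deep link, including one
 * sent by a different app, is not treated as "the user just verified their account".
 */
fun isAccountActivationRedirect(intent: Intent?, expectedRedirect: Uri): Boolean {
    val data = intent?.data ?: return false
    return intent.action == Intent.ACTION_VIEW &&
        data.scheme.equals(expectedRedirect.scheme, ignoreCase = true) &&
        data.host.equals(expectedRedirect.host, ignoreCase = true)
}

/**
 * Makes sure the default credential holds a usable token, launching the browser sign-in
 * only if it does not. [loginHint] (the address the user just verified, if the app knows it)
 * is passed as the standard OIDC login_hint parameter so the widget can pre-fill the username.
 */
suspend fun ensureSignedIn(context: Context, loginHint: String? = null): SignInOutcome {
    val credential = CredentialBootstrap.defaultCredential()

    // Assumed library call: returns a non-expired access token (refreshing if possible) or null.
    if (credential.getValidAccessToken() != null) {
        return SignInOutcome.AlreadySignedIn
    }

    val extras = buildMap<String, String> {
        loginHint?.let { put("login_hint", it) }
    }

    val result = CredentialBootstrap.oidcClient.createWebAuthenticationClient().login(
        context = context,
        redirectUrl = BuildConfig.SIGN_IN_REDIRECT_URI,
        extraRequestParameters = extras,
    )

    return when (result) {
        is OidcClientResult.Error ->
            SignInOutcome.Failed(result.exception.message ?: "Failed to login.")
        is OidcClientResult.Success -> {
            credential.storeToken(token = result.result)
            SignInOutcome.SignedIn
        }
    }
}

// Usage (e.g. from an Activity's onCreate/onNewIntent inside a coroutine):
//
//   val expected = Uri.parse(BuildConfig.SIGN_IN_REDIRECT_URI)
//   if (isAccountActivationRedirect(intent, expected)) {
//       when (val outcome = ensureSignedIn(context, loginHint = verifiedEmailIfKnown)) {
//           is SignInOutcome.Failed -> showError(outcome.message)
//           else -> showHome()
//       }
//   }
```

The activation Intent check matters because the redirect URI is a custom scheme that any installed app can target; validating it before changing sign-in state keeps a stray or malformed link from driving the app into the re-authentication path. The token check does not by itself change how many redirects the authorize request performs inside the Custom Tab, which is the part of the question only Okta can answer.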