Opening safe browser 0.7.0 from safe-auth:// link?


#1

In v0.6.0 of safe-browser, when I browse a site in a clearnet browser (Edge) and click a safe-auth:// link, it would ask me to open the app (safe-browser) for handling this. However this does not happen with v0.7.0.

Has something changed regarding this between the versions?


#2

This shouldn’t have changed in any of the last versions, I just gave it a try with safe-auth://home/#/login on my linux and it works fine with both v0.7.0 and v0.8.0. Can you please confirm if you still have the issue with v0.8.0?
Also, can you please confirm if the email app or the web hosting mgr successfully triggers the authorisation popup on the browser since by doing that it’s confirming the URI scheme is being registered correctly on your system and perhaps something actually changed in the Edge browser not handling it anymore??


#3

So, some interesting things here.

With 0.6.0 the popup to switch app is triggered. With 0.8.0 too. But not with 0.7.0.
(On a side note: 0.8.0. was faster than 0.6.0 to open the browser when switching app.)

So, OK, the switch app popup in Edge works for 0.8.0.

There is another problem here though, the call to DecodeIpcMessage is throwing serialization error when getting response back from 0.8.0, while it does not on 0.6.0 (went back to confirm it).
What changed there?


#4

Those different versions of the browser use different versions of the safe_client_libs underneath, therefore the authorisation response URI are encoded differently and not compatible.

E.g. let’s say the authenticator uses safe_client_libs v0.X.0 to generate the authorisation response, so if the app receiving it also uses the same version of the safe_client_libs, i.e. v0.X.0, it will be able to decode it. But if the app is using a different version of the safe_client_libs it will throw a serialisation error when it tries to decode the URI and won’t be able to connect to the network.

I’m not sure which version of the apps and/or safe_client_libs you are using against those three different versions of the browser, e.g. you need latest versions of the example apps to use browser v0.8.0 as they won’t work with previous versions due to this incompatibility in the encoding.

Now, this is something eventually we’ll need to support somehow, i.e. have some backward compatibility with the encoding we use for the URI to allow the users to upgrade their browser even when the encoding changed and be able to authorise apps which were using older versions of the safe_client_libs. For the moment this is not the case and you need to make sure you use compatible versions.
I hope I’m explaining myself here and it’s not too confusing, otherwise please don’t hesitate to ask.

One minor comment, note that the authorisation pop-up is not to switch apps, each time you get the pop-up is an independent action which allows you to either authorise or deny permissions to the app, but you could have all apps you have authorised running in parallel, even after closing the browser.


#5

Thanks for the elaborate answer! It makes perfect sense, you explained it well :slight_smile:
I didn’t upgrade client libs, so that’s why.
Ah yes, backward compatibility there would be smooth.

I see now what you mean with the auth popup and yes I can confirm that they work as expected for the apps (missed to confirm that).