@superfan-app/spotify-auth 0.1.73 → 0.1.75

package/android/src/main/java/expo/modules/spotifyauth/SpotifyAuthAuth.kt

@@ -1,5 +1,6 @@
 package expo.modules.spotifyauth
 
+import android.app.Activity
 import android.content.Intent
 import android.content.pm.PackageManager
 import android.net.Uri
@@ -23,9 +24,9 @@ import java.util.concurrent.Executors
 /**
  * Core Spotify authentication logic for Android, mirroring the iOS SpotifyAuthAuth class.
  *
- * Supports two auth flows:
- * 1. App-switch via Spotify's AuthorizationClient (when Spotify app is installed)
- * 2. Web auth via AuthorizationClient's WebView fallback (built into the Spotify auth-lib)
+ * Uses browser-based auth via Spotify's AuthorizationClient.openLoginInBrowser().
+ * On Android, app-switch is disabled regardless of whether the Spotify app is installed.
+ * Auth results are delivered via onNewIntent (handled by handleNewIntent()).
  *
  * Token exchange and refresh are handled via the backend token swap/refresh URLs,
  * matching the iOS implementation.
@@ -192,9 +193,9 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
     // region Authentication Flow
 
     /**
-     * Initiate the Spotify authorization flow.
-     * Uses Spotify's AuthorizationClient which handles both app-switch (when Spotify is installed)
-     * and WebView fallback automatically.
+     * Initiate the Spotify authorization flow via the system browser.
+     * On Android, app-switch is always bypassed. The auth result is delivered
+     * via onNewIntent, handled by handleNewIntent().
      */
     fun initAuth(config: AuthorizeConfig) {
         secureLog("initAuth called with showDialog=${config.showDialog}")
@@ -223,13 +224,7 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
             val redirectUri = redirectURL
             val scopeArray = scopes.toTypedArray()
 
-            val spotifyInstalled = isSpotifyInstalled()
             secureLog("Configuration - ClientID: ${clientId.take(8)}..., RedirectURI: $redirectUri, Scopes: ${scopeArray.size}")
-            Log.d(TAG, "Spotify app installed: $spotifyInstalled (will use ${if (spotifyInstalled) "app-switch" else "WebView"} auth)")
-
-            if (!spotifyInstalled) {
-                Log.w(TAG, "Spotify app not detected. Will use WebView fallback. If WebView fails, check package visibility in AndroidManifest (<queries> tag)")
-            }
 
             if (scopeArray.isEmpty()) {
                 Log.e(TAG, "No valid scopes found in configuration")
@@ -261,18 +256,17 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
 
             val request = builder.build()
 
-            secureLog("Opening Spotify authorization activity with REQUEST_CODE=$REQUEST_CODE")
+            secureLog("Opening Spotify authorization in browser")
 
-            // === ENHANCED DEBUG LOGGING ===
+            // === SPOTIFY AUTH DEBUG ===
             Log.d(TAG, "=== SPOTIFY AUTH DEBUG ===")
-            Log.d(TAG, "Auth flow type: ${if (spotifyInstalled) "APP_SWITCH" else "WEBVIEW"}")
+            Log.d(TAG, "Auth flow type: BROWSER (app-switch disabled on Android)")
             Log.d(TAG, "Client ID: ${clientId.take(10)}...")
             Log.d(TAG, "Redirect URI: $redirectUri")
             Log.d(TAG, "Response Type: CODE")
             Log.d(TAG, "Scopes: ${scopeArray.joinToString(",")}")
             Log.d(TAG, "Package name: ${appContext.reactContext?.packageName}")
             Log.d(TAG, "Activity: ${activity.javaClass.name}")
-            Log.d(TAG, "Activity launchMode: ${activity.packageManager.getActivityInfo(activity.componentName, 0).launchMode}")
             Log.d(TAG, "========================")
 
             // Set a timeout to detect if the auth flow doesn't complete
@@ -288,13 +282,12 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
             mainHandler.postDelayed(authTimeoutHandler!!, AUTH_TIMEOUT_MS)
 
             try {
-                // AuthorizationClient.openLoginActivity handles both flows:
-                // - If Spotify is installed: app-switch auth
-                // - If Spotify is not installed: opens a WebView with Spotify login
-                AuthorizationClient.openLoginActivity(activity, REQUEST_CODE, request)
-                secureLog("AuthorizationClient.openLoginActivity called successfully")
+                // Use browser-based auth on Android (bypasses Spotify app-switch).
+                // The auth result is delivered via onNewIntent, handled by handleNewIntent().
+                AuthorizationClient.openLoginInBrowser(activity, request)
+                secureLog("AuthorizationClient.openLoginInBrowser called successfully")
             } catch (e: Exception) {
-                Log.e(TAG, "Failed to open authorization activity: ${e.message}", e)
+                Log.e(TAG, "Failed to open browser authorization: ${e.message}", e)
                 throw SpotifyAuthException.AuthenticationFailed("Failed to open Spotify authorization: ${e.message}")
             }
 
@@ -392,7 +385,33 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
                     }
                 }
                 AuthorizationResponse.Type.EMPTY -> {
-                    Log.w(TAG, "Authorization returned EMPTY - user likely cancelled")
+                    val spotifyInstalled = isSpotifyInstalled()
+                    if (spotifyInstalled) {
+                        Log.e(TAG, "")
+                        Log.e(TAG, "╔══════════════════════════════════════════════════════════════╗")
+                        Log.e(TAG, "║  SPOTIFY APP-SWITCH AUTH: EMPTY RESPONSE                     ║")
+                        Log.e(TAG, "╠══════════════════════════════════════════════════════════════╣")
+                        Log.e(TAG, "║  Spotify is installed but auth returned empty immediately.   ║")
+                        Log.e(TAG, "║  The auth dialog flashed and dismissed without going to      ║")
+                        Log.e(TAG, "║  Spotify. Common client-side causes:                         ║")
+                        Log.e(TAG, "║                                                              ║")
+                        Log.e(TAG, "║  1. MainActivity launchMode is singleTask (most likely).     ║")
+                        Log.e(TAG, "║     Change to singleTop in your AndroidManifest.xml.         ║")
+                        Log.e(TAG, "║                                                              ║")
+                        Log.e(TAG, "║  2. Redirect URI '${redirectURL.take(30)}...' not registered  ║")
+                        Log.e(TAG, "║     in Spotify Developer Dashboard.                          ║")
+                        Log.e(TAG, "║                                                              ║")
+                        Log.e(TAG, "║  3. manifestPlaceholders redirectHostName in build.gradle    ║")
+                        Log.e(TAG, "║     does not match the host portion of your redirect URI.    ║")
+                        Log.e(TAG, "║     (Run the Expo config plugin to regenerate.)              ║")
+                        Log.e(TAG, "║                                                              ║")
+                        Log.e(TAG, "║  4. Installed Spotify version is too old to support          ║")
+                        Log.e(TAG, "║     app-switch auth.                                         ║")
+                        Log.e(TAG, "╚══════════════════════════════════════════════════════════════╝")
+                        Log.e(TAG, "")
+                    } else {
+                        Log.w(TAG, "Authorization returned EMPTY - user likely cancelled")
+                    }
                     module?.onAuthorizationError(SpotifyAuthException.UserCancelled())
                 }
                 else -> {
@@ -410,6 +429,78 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
         }
     }
 
+    /**
+     * Handle the Spotify auth callback delivered via onNewIntent (browser-based flow).
+     * Called by the module's OnNewIntent handler after openLoginInBrowser() completes.
+     */
+    fun handleNewIntent(intent: Intent) {
+        Log.d(TAG, "handleNewIntent called - action=${intent.action}, data=${intent.data}")
+
+        if (!isAuthenticating) {
+            Log.d(TAG, "Ignoring new intent - not currently authenticating")
+            return
+        }
+
+        // Cancel the timeout
+        authTimeoutHandler?.let {
+            mainHandler.removeCallbacks(it)
+            secureLog("Auth timeout cancelled")
+        }
+
+        isAuthenticating = false
+        secureLog("Setting isAuthenticating to false")
+
+        if (module == null) {
+            Log.e(TAG, "CRITICAL: Module is null in handleNewIntent - cannot send events to JS")
+            return
+        }
+
+        try {
+            val response = AuthorizationClient.getResponse(Activity.RESULT_OK, intent)
+            Log.d(TAG, "Spotify response type: ${response.type}")
+
+            when (response.type) {
+                AuthorizationResponse.Type.CODE -> {
+                    val code = response.code
+                    secureLog("Authorization code received, length=${code?.length ?: 0}")
+                    if (code != null) {
+                        exchangeCodeForToken(code)
+                    } else {
+                        Log.e(TAG, "Authorization code was null despite CODE response type")
+                        module?.onAuthorizationError(
+                            SpotifyAuthException.AuthenticationFailed("No authorization code received")
+                        )
+                    }
+                }
+                AuthorizationResponse.Type.ERROR -> {
+                    val errorMsg = response.error ?: "Unknown error"
+                    Log.e(TAG, "Spotify authorization error: $errorMsg")
+                    if (errorMsg.contains("access_denied", ignoreCase = true) ||
+                        errorMsg.contains("cancelled", ignoreCase = true)) {
+                        module?.onAuthorizationError(SpotifyAuthException.UserCancelled())
+                    } else {
+                        module?.onAuthorizationError(SpotifyAuthException.AuthorizationError(errorMsg))
+                    }
+                }
+                AuthorizationResponse.Type.EMPTY -> {
+                    Log.w(TAG, "Browser auth returned EMPTY - user likely cancelled")
+                    module?.onAuthorizationError(SpotifyAuthException.UserCancelled())
+                }
+                else -> {
+                    Log.e(TAG, "Unexpected Spotify response type: ${response.type}")
+                    module?.onAuthorizationError(
+                        SpotifyAuthException.AuthenticationFailed("Unexpected response type: ${response.type}")
+                    )
+                }
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Exception in handleNewIntent: ${e.message}", e)
+            module?.onAuthorizationError(
+                SpotifyAuthException.AuthenticationFailed("Error processing auth result: ${e.message}")
+            )
+        }
+    }
+
     // endregion
 
     // region Token Exchange
@@ -658,16 +749,14 @@ class SpotifyAuthAuth private constructor(private val appContext: AppContext) {
     // region Web Auth Cancellation
 
     /**
-     * Cancel an in-progress web auth session.
-     * On Android, this clears cookies and notifies JS of cancellation.
+     * Cancel an in-progress auth session.
+     * For browser-based auth the system browser cannot be closed programmatically,
+     * so this clears internal state and notifies JS of cancellation.
      */
     fun cancelWebAuth() {
-        val activity = appContext.currentActivity
-        if (activity != null) {
-            AuthorizationClient.stopLoginActivity(activity, REQUEST_CODE)
-        }
-        module?.onAuthorizationError(SpotifyAuthException.UserCancelled())
+        authTimeoutHandler?.let { mainHandler.removeCallbacks(it) }
         isAuthenticating = false
+        module?.onAuthorizationError(SpotifyAuthException.UserCancelled())
     }
 
     // endregion

package/android/src/main/java/expo/modules/spotifyauth/SpotifyAuthModule.kt

@@ -62,6 +62,11 @@ class SpotifyAuthModule : Module() {
             spotifyAuth.cancelWebAuth()
         }
 
+        OnNewIntent { intent ->
+            secureLog("OnNewIntent received in module - action=${intent.action}, data=${intent.data}")
+            spotifyAuth.handleNewIntent(intent)
+        }
+
         OnActivityResult { _, payload ->
             secureLog("OnActivityResult received in module - requestCode=${payload.requestCode}, resultCode=${payload.resultCode}")
             android.util.Log.d("SpotifyAuth", "=== MODULE ACTIVITY RESULT ===")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@superfan-app/spotify-auth",
-  "version": "0.1.73",
+  "version": "0.1.75",
   "description": "Spotify OAuth module for Expo",
   "main": "src/index.tsx",
   "types": "build/index.d.ts",

package/plugin/build/index.js

@@ -3,6 +3,16 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const config_plugins_1 = require("@expo/config-plugins");
 const pkg = require('../../package.json');
+/**
+ * Splits a callback value (e.g. "auth" or "auth/spotify") into its host and optional path components.
+ * Android intent filter `android:host` must not include a path segment.
+ */
+function parseCallback(callback) {
+    const slashIdx = callback.indexOf('/');
+    if (slashIdx === -1)
+        return { host: callback, path: null };
+    return { host: callback.slice(0, slashIdx), path: callback.slice(slashIdx) };
+}
 function validateSpotifyConfig(config) {
     if (!config.clientID)
         throw new Error("Spotify clientID is required");
@@ -77,9 +87,12 @@ const withSpotifyManifestPlaceholders = (config, props) => {
         let buildGradle = config.modResults.contents;
         // Escape values for Gradle string literals (escape backslashes and quotes)
         const scheme = String(props.scheme).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
-        const host = String(props.callback).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
-        // ".*" accepts any path - retains previous behavior per Spotify changelog (auth lib 3.0.0)
-        const pathPattern = '.*';
+        // Split callback into host and optional path — android:host must not contain a slash
+        const { host: callbackHost, path: callbackPath } = parseCallback(props.callback);
+        const host = String(callbackHost).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+        // If the callback has a path component (e.g. "auth/spotify"), prefix the pathPattern
+        // so SpotifyAuthorizationActivity's intent filter correctly matches the return URI.
+        const pathPattern = callbackPath ? `${callbackPath}.*` : '.*';
         const placeholdersBlock = `        manifestPlaceholders = [
             redirectSchemeName: "${scheme}",
             redirectHostName: "${host}",
@@ -109,6 +122,8 @@ const withSpotifyAndroidManifest = (config, props) => {
         const mainApplication = config_plugins_1.AndroidConfig.Manifest.getMainApplicationOrThrow(config.modResults);
         // Construct the redirect URL from scheme and callback
         const redirectUrl = `${props.scheme}://${props.callback}`;
+        // Split callback into host and optional path for correct intent filter construction
+        const { host: callbackHost, path: callbackPath } = parseCallback(props.callback);
         // Add Spotify configuration as meta-data elements
         const metaDataEntries = [
             { name: 'SpotifyClientID', value: props.clientID },
@@ -137,22 +152,24 @@ const withSpotifyAndroidManifest = (config, props) => {
             mainActivity['intent-filter'] = [];
         }
         // Check if we already have a Spotify redirect intent filter
-        const hasSpotifyIntentFilter = mainActivity['intent-filter'].some((filter) => filter.data?.some((d) => d.$?.['android:scheme'] === props.scheme && d.$?.['android:host'] === props.callback));
+        const hasSpotifyIntentFilter = mainActivity['intent-filter'].some((filter) => filter.data?.some((d) => d.$?.['android:scheme'] === props.scheme && d.$?.['android:host'] === callbackHost));
         if (!hasSpotifyIntentFilter) {
+            // Build the data element: android:host must be the hostname only (no path).
+            // If the callback has a path component (e.g. "auth/spotify"), add android:pathPrefix.
+            const dataAttrs = {
+                'android:scheme': props.scheme,
+                'android:host': callbackHost,
+            };
+            if (callbackPath) {
+                dataAttrs['android:pathPrefix'] = callbackPath;
+            }
             mainActivity['intent-filter'].push({
                 action: [{ $: { 'android:name': 'android.intent.action.VIEW' } }],
                 category: [
                     { $: { 'android:name': 'android.intent.category.DEFAULT' } },
                     { $: { 'android:name': 'android.intent.category.BROWSABLE' } },
                 ],
-                data: [
-                    {
-                        $: {
-                            'android:scheme': props.scheme,
-                            'android:host': props.callback,
-                        },
-                    },
-                ],
+                data: [{ $: dataAttrs }],
             });
         }
         return config;

package/plugin/src/index.ts

@@ -5,6 +5,16 @@ import { SpotifyConfig } from './types.js'
 
 const pkg = require('../../package.json');
 
+/**
+ * Splits a callback value (e.g. "auth" or "auth/spotify") into its host and optional path components.
+ * Android intent filter `android:host` must not include a path segment.
+ */
+function parseCallback(callback: string): { host: string; path: string | null } {
+  const slashIdx = callback.indexOf('/')
+  if (slashIdx === -1) return { host: callback, path: null }
+  return { host: callback.slice(0, slashIdx), path: callback.slice(slashIdx) }
+}
+
 function validateSpotifyConfig(config: SpotifyConfig) {
   if (!config.clientID) throw new Error("Spotify clientID is required")
   if (!config.scheme) throw new Error("URL scheme is required")
@@ -86,9 +96,12 @@ const withSpotifyManifestPlaceholders: ConfigPlugin<SpotifyConfig> = (config, pr
 
     // Escape values for Gradle string literals (escape backslashes and quotes)
     const scheme = String(props.scheme).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
-    const host = String(props.callback).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
-    // ".*" accepts any path - retains previous behavior per Spotify changelog (auth lib 3.0.0)
-    const pathPattern = '.*';
+    // Split callback into host and optional path — android:host must not contain a slash
+    const { host: callbackHost, path: callbackPath } = parseCallback(props.callback)
+    const host = String(callbackHost).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+    // If the callback has a path component (e.g. "auth/spotify"), prefix the pathPattern
+    // so SpotifyAuthorizationActivity's intent filter correctly matches the return URI.
+    const pathPattern = callbackPath ? `${callbackPath}.*` : '.*';
 
     const placeholdersBlock = `        manifestPlaceholders = [
             redirectSchemeName: "${scheme}",
@@ -131,6 +144,8 @@ const withSpotifyAndroidManifest: ConfigPlugin<SpotifyConfig> = (config, props)
 
     // Construct the redirect URL from scheme and callback
     const redirectUrl = `${props.scheme}://${props.callback}`;
+    // Split callback into host and optional path for correct intent filter construction
+    const { host: callbackHost, path: callbackPath } = parseCallback(props.callback)
 
     // Add Spotify configuration as meta-data elements
     const metaDataEntries = [
@@ -170,25 +185,28 @@ const withSpotifyAndroidManifest: ConfigPlugin<SpotifyConfig> = (config, props)
     const hasSpotifyIntentFilter = mainActivity['intent-filter'].some(
       (filter: any) =>
         filter.data?.some(
-          (d: any) => d.$?.['android:scheme'] === props.scheme && d.$?.['android:host'] === props.callback
+          (d: any) => d.$?.['android:scheme'] === props.scheme && d.$?.['android:host'] === callbackHost
         )
     );
 
     if (!hasSpotifyIntentFilter) {
+      // Build the data element: android:host must be the hostname only (no path).
+      // If the callback has a path component (e.g. "auth/spotify"), add android:pathPrefix.
+      const dataAttrs: Record<string, string> = {
+        'android:scheme': props.scheme,
+        'android:host': callbackHost,
+      }
+      if (callbackPath) {
+        dataAttrs['android:pathPrefix'] = callbackPath
+      }
+
       mainActivity['intent-filter'].push({
         action: [{ $: { 'android:name': 'android.intent.action.VIEW' } }],
         category: [
           { $: { 'android:name': 'android.intent.category.DEFAULT' } },
           { $: { 'android:name': 'android.intent.category.BROWSABLE' } },
         ],
-        data: [
-          {
-            $: {
-              'android:scheme': props.scheme,
-              'android:host': props.callback,
-            },
-          },
-        ],
+        data: [{ $: dataAttrs }],
       });
     }