I am using Cordova to run an Angular application on mobile (Android for now). The application uses Auth0, an OAuth2 provider, for authentication. It works fine on the web, as the provider redirects to the callback URL with the token after authentication, and the web app restarts with the parameters received.
On mobile, at first try the app opened an external browser for login, which obviously could not return to the app. Then I used <allow-navigation href="https://[my domain].eu.auth0.com/*"/> in config.xml. Now the authentication is happening in-app, but the callback URL is https://localhost/index.html?code=[token], which the app does not recognize as its own.
How can I make the Cordova app understand that that URL has to be handled by it, or alternatively, what would be the right callback URL?
Update: I have found this sample, using Ionic/Capacitor: https://github.com/auth0-samples/auth0-ionic-samples/tree/main/angular
I could not yet make it work, but the main point is what the accepted answer says.
A mobile app needs to follow recommendations from RFC 8252, to use a custom scheme based redirect URI, such as com.mycompany.myapp:/callback. It is also possible to use HTTPS schemes, though this requires app / universal links to be registered. This is often called the AppAuth pattern. See my blog posts for an intro:
On Cordova this will require a plugin, though I don't know if a good one exists that you can just plug in, and it is possible you'll need to write your own one. This is one of those areas where tech stacks such as Cordova can be problematic, since the underlying behaviour is native tech.
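
An added illustration of the answer above (not code from the original posts or from Auth0): once a plugin hands the app the URL it was opened with, the app still has to confirm that the URL is its registered redirect URI and that `state` matches before using the code. `REDIRECT_URI` reuses the answer's example value; `parseAuthCallback`, the result shape and the sample URLs are hypothetical.

```javascript
// Added example. REDIRECT_URI is the answer's sample value; everything else is assumed.
const REDIRECT_URI = 'com.mycompany.myapp:/callback';

// Validate a URL delivered to the app by the OS and extract the authorization code.
// expectedState is the random value the app sent in its authorization request.
function parseAuthCallback(incomingUrl, expectedState) {
  let url, registered;
  try {
    url = new URL(incomingUrl);
    registered = new URL(REDIRECT_URI);
  } catch (e) {
    return { ok: false, reason: 'malformed_url' };
  }
  // Scheme, host and path must match the registered redirect URI exactly.
  // This also rejects com.mycompany.myapp://callback, where "callback" is a host.
  if (url.protocol !== registered.protocol ||
      url.host !== registered.host ||
      url.pathname !== registered.pathname) {
    return { ok: false, reason: 'not_our_redirect_uri' };
  }
  const p = url.searchParams;
  // Reject duplicated parameters instead of silently picking one of them.
  for (const name of ['code', 'state', 'error']) {
    if (p.getAll(name).length > 1) return { ok: false, reason: 'duplicate_' + name };
  }
  // state ties the response to the request this app instance started.
  if (!expectedState || p.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  // The authorization server reports failures on the same redirect URI.
  if (p.has('error')) {
    return { ok: false, reason: 'authorization_error', error: p.get('error') };
  }
  const code = p.get('code');
  if (!code) return { ok: false, reason: 'missing_code' };
  return { ok: true, code };
}

// Constructed sample inputs (not real tokens).
const samples = [
  'com.mycompany.myapp:/callback?code=abc123&state=s1',
  'https://localhost/index.html?code=abc123&state=s1',
  'com.mycompany.myapp:/callback?error=access_denied&state=s1',
];
for (const s of samples) console.log(s, '->', parseAuthCallback(s, 's1'));
```

The returned code is only useful together with the PKCE code verifier from the original request, which RFC 8252 requires native apps to use.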