ios azure react-native expo eas

Android scheme not accepted by iOS when submitting react-native app through Expo EAS


The problem

I'm trying to implement Microsoft login into my app. I'm using the Expo OAuth plugin as described in the documentation (https://docs.expo.dev/guides/authentication/#azure).

I can build and run fine on Android and iOS, but as soon as I try to submit the build for iOS, I receive an error:

Waiting for submission to complete. You can press Ctrl+C to exit.
✖ Something went wrong when submitting your app to Apple App Store Connect.

We couldn't figure out what went wrong. See logs to learn more.

[logs] Starting the submit process
[logs] Downloading archive        
[logs] Preparing artifact
[logs] Verifying archive
[logs] Creating ascApiJsonKey.json file with ASC credentials
[logs] Submitting iOS app to TestFlight...
[logs] Submitting the app with fastlane pilot
[logs] -------------------
[logs] --- Step: pilot ---
[logs] -------------------
[logs] Creating authorization token for App Store Connect API
[logs] Ready to upload new build to TestFlight (App: 911779924)...
[logs] Going to upload updated app to App Store Connect
[logs] This might take a few minutes. Please don't interrupt the script.
[logs] [altool] 2023-11-03 02:55:19.639 *** Error: Asset validation failed The following URL schemes found in your app are disallowed: [msauth] (ID: c3d7df49-5de2-4684-a732-f23c1b7638a6) (90155)
[logs] [altool]  {
[logs] 
[logs] [altool]     NSLocalizedDescription = "Asset validation failed";
[logs] 
[logs] [altool]     NSLocalizedFailureReason = "The following URL schemes found in your app are disallowed: [msauth] (ID: c3d7df49-5de2-4684-a732-f23c1b7638a6)";
[logs] 
[logs] [altool]     "original_server_error" =     {
[logs] 
[logs] [altool]         code = "STATE_ERROR.VALIDATION_ERROR.90155";
[logs] 
[logs] [altool]         detail = "The following URL schemes found in your app are disallowed: [msauth]";
[logs] 
[logs] [altool]         id = "c3d7df49-5de2-4684-a732-f23c1b7638a6";
[logs] 
[logs] [altool]         status = 409;
[logs] 
[logs] [altool]         title = "Asset validation failed";
[logs]
[logs] [altool]     };
[logs]
[logs] [altool] }
[logs]
[logs] Application Loader output above ^
[logs] ERROR: Asset validation failed (90155) The following URL schemes found in your app are disallowed: [msauth] (ID: c3d7df49-5de2-4684-a732-f23c1b7638a6)
[logs] Error uploading '/var/folders/8m/cfpqfjyx37xd0tlkyxt9flph0000gn/T/e60cec55-13b3-4757-8501-eee3697d70e7.ipa'.
[logs] Asset validation failed The following URL schemes found in your app are disallowed: [msauth] (ID: c3d7df49-5de2-4684-a732-f23c1b7638a6) (90155)
[logs] The call to the altool completed with a non-zero exit status: 1. This indicates a failure.
[logs] Could not download/upload from App Store Connect!
[logs] [!] Error uploading ipa file:
[logs]  [Application Loader Error Output]: ERROR: Asset validation failed (90155) The following URL schemes found in your app are disallowed: [msauth] (ID: c3d7df49-5de2-4684-a732-f23c1b7638a6)
[logs] [Application Loader Error Output]: Error uploading '/var/folders/8m/cfpqfjyx37xd0tlkyxt9flph0000gn/T/e60cec55-13b3-4757-8501-eee3697d70e7.ipa'.
[logs] [Application Loader Error Output]: Asset validation failed The following URL schemes found in your app are disallowed: [msauth] (ID: c3d7df49-5de2-4684-a732-f23c1b7638a6) (90155)
[logs] [Application Loader Error Output]: The call to the altool completed with a non-zero exit status: 1. This indicates a failure.
[logs] Fastlane pilot failed
[logs] Failed to submit the app

I realize that msauth is the Android scheme, but I need it for the Azure login to work on Android. Without that scheme, the login does not redirect back to my app.

My configuration

In app.json I have the schemes defined as follows. I have redacted my fb ID.

"scheme" : ["carpool", "fb[SECRET_ID]", "msauth"],

My redirect URL object is constructed like this:

const redirectObject = {
    scheme: Platform.OS === 'ios' ? "msauth.be.cpa.taxistop.Carpool" : "msauth",
    path: Platform.OS === 'ios' ? "auth" : "be.taxistop.carpool/[HASH]",
    useProxy: USE_PROXY,
};

I'm constructing the object above like that based on the info I have in the Azure portal:

[Image: Azure portal screenshot]

Things I have tried

I have tried removing the 'msauth' scheme, after which I can successfully submit to TestFlight, but then I have no redirect in the Android app.

Next, I tried adding the scheme to the plist through app.json as suggested here: https://forums.expo.dev/t/url-scheme-not-recognized-ios/69701

"infoPlist": {
    "CFBundleURLTypes": [
        {
            "CFBundleTypeRole": "Editor",
            "CFBundleURLSchemes": ["msauth"]
        }
    ],
    "LSApplicationQueriesSchemes": ["msauth"]
}

That did unfortunately not work either.

Next, I 'ejected' my app (prebuild) and added the scheme to the plist directly in Xcode (on a Mac). I was able to successfully build the app and make an archive, but when submitting the app to TestFlight I was greeted by the exact same error message again.

I'm completely stuck and out of ideas at this point so I hope someone here can help me in the right direction...


Solution

  • In your application registration in Azure AD you will find the required return URL for iOS. It will be something like msauth.<bundleid>.

    This is the value you need to add to CFBundleURLSchemes.

    This key declares the URL schemes that your app supports. By having msauth there, your app is attempting to hijack the Microsoft Authenticator URL scheme.

    Having msauth in LSApplicationQueriesSchemes is OK because this lets your app check if the Microsoft Authenticator app is installed.

    The message you got is interesting, because officially, there is no "registration" of URL schemes; this is why universal links are preferred. In this case it seems Apple has decided that there is a real security risk of apps attempting to hijack msauth and has added it to some sort of blacklist.
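
A pre-submit check for the rule this answer describes, as an added example that is not code from the question, the answer, or Expo: it lists every URL scheme the config would claim on iOS, flags a bare msauth, and checks for msauth.<bundleid>. The function name, the one-entry denylist, the sample configs, and the assumption that top-level "scheme" entries reach CFBundleURLSchemes are all illustrative.

```javascript
// Added example: pre-submit audit of the URL schemes an Expo config claims on iOS.
// Assumption: top-level "scheme" and ios.infoPlist CFBundleURLSchemes both end up
// in the iOS Info.plist as schemes the app registers to handle.
const DISALLOWED_ON_IOS = new Set(["msauth"]); // the only scheme named in the 90155 error

function asList(value) {
  if (value == null) return [];
  return Array.isArray(value) ? value : [value];
}

function auditIosSchemes(appJson) {
  const expo = appJson.expo ?? appJson;
  const ios = expo.ios ?? {};
  const plist = ios.infoPlist ?? {};

  // Everything the app would claim as its own URL scheme on iOS.
  const claimed = asList(expo.scheme).map((scheme) => ({ scheme, source: "scheme" }));
  for (const type of asList(plist.CFBundleURLTypes)) {
    for (const scheme of asList(type.CFBundleURLSchemes)) {
      claimed.push({ scheme, source: "ios.infoPlist.CFBundleURLTypes" });
    }
  }

  // URL schemes are case-insensitive, so compare in lower case.
  const rejected = claimed.filter((c) => DISALLOWED_ON_IOS.has(String(c.scheme).toLowerCase()));
  const expected = ios.bundleIdentifier ? `msauth.${ios.bundleIdentifier}` : null;
  const hasExpected = expected !== null &&
    claimed.some((c) => String(c.scheme).toLowerCase() === expected.toLowerCase());
  // Query-only schemes are not claimed by the app, so they are listed but never flagged.
  const queried = asList(plist.LSApplicationQueriesSchemes);
  return { rejected, expected, hasExpected, queried };
}

// Constructed sample configs built from the values quoted in the question.
const iosSection = (extra) => ({ bundleIdentifier: "be.cpa.taxistop.Carpool", ...extra });
const failing = { expo: { scheme: ["carpool", "msauth"], ios: iosSection({}) } };
const passing = {
  expo: {
    scheme: ["carpool", "msauth.be.cpa.taxistop.Carpool"],
    ios: iosSection({ infoPlist: { LSApplicationQueriesSchemes: ["msauth"] } }),
  },
};

console.log(JSON.stringify(auditIosSchemes(failing), null, 2));
console.log(JSON.stringify(auditIosSchemes(passing), null, 2));
```

Run it in CI before the submit step and fail the job when `rejected` is non-empty or `hasExpected` is false.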