I'm working with a PWA that has oAuth logins. I've specified my PWA's scope as:
scope: "https://app.myapp.com"
So that any navigation to an out-of-scope URL would trigger an in-app browser.
In my code, when doing oAuth, I send users to the authorisation url with:
window.location.href = "https://accounts.google.com/o/oauth2/v2/auth?client…"
This opens the in-app browser for oAuth which allows me to login, once done the user is sent back to my app.
HOWEVER, when I then call history.go(-1) the user is sent to "https://accounts.google.com/o/oauth2/v2/auth?client…" again instead of the page they were previously on.
It looks like even though the authorisation URL is not in-scope and opened in an in-app browser, it's still added to the history.
Is this a bug? I can't find any information about how history stack and in-app browser is handled.
Video of the behavior can be found here.
This is not a bug. You're using the History API which keeps track of your session history. When you navigate the user to your oAuth URL, it is added to the history state for that session. Once the user is redirect back to your app, the last entry will be oAuth URL (-1).
You could easily get around this by going back two entries (-2) or editing/removing the last entry with replaceState() and history.deleteUrl().