Our MAUI production app has had a longstanding OAuth 2.0 flow, brokered by our organization’s server, that employed the now-deprecated Custom URI Redirect scheme after supplying secrets held on the server. The PKCE loopback scheme has also been deprecated and can’t be used either. My best-case migration scenario would be to broker this using the Firebase project that the MAUI apps are linked to.
I’ve flipped the switch to turn off the Custom Redirect Scheme (and if I don’t do it, Google will pretty soon) and now “everything else” that I’ve tried gets rejected as a non-matching redirect.
My question is simple: Can a device-specific credential still be used, and if so, how? Is a public Android or iOS client on MAUI even allowed to initiate a consent screen? The only way I can seem to get it to work is by supplying the reverse URL as the redirect, and it only works when this is enabled on the native credential.
What I’ve tried
So, what about ‘app-claimed URIs’? Have they already come and gone? I’m not sure. But if they are still permissible, I went ahead and deployed some on my Firebase project with an assetlinks.json on the Firebase server, and tested that they open the intent on the Android MAUI app.
While I was at it, I made sure to link the MAUI app to the Firebase project, and also deployed a new custom domain where the DNS records have been run through the respective trust and ownership validations on both the Google Cloud side and the Firebase side. Cloud Run functions are enabled and working. Everything is signed.
As long as I use the Web Application Credential, I have four different working authorized endpoints on my Consent Screen, including a Cloud Run function that works as a redirect and does a token exchange, plus a localhost that works perfectly with the Desktop credential.
So, how to pass a code to a MAUI mobile device?
I’ve created and duly authorized several new assets that I thought should have moved things forward. And to be clear, I have ‘no’ issues signing in and using the Google Drive API up in my Firebase cloud, or on my desktop client. I realize it’s not supposed to be easy exactly, but shouldn’t there be a way?
Meanwhile I drift from one obsolete SDK to another. Google Identity? Google Sign In? I guess the “new kid” is FedCM? …