Chrome Custom Tabs Initial Okta Auth Not Redirecting Back

Question

I'm in the process of implementing SSO on an Android app in which we're using Okta for the identity management while in development. We have Okta set up so that, after the a successful user/password authentication, the user only has to validate their password on subsequent logins.

I'm using Chrome Custom Tabs to open the browser url and have set up the correct intent-filter configuration in my AndroidManifest.

The issue that i'm having is that the initial auth screen does not redirect back into the app and I get the ERR_UNKOWN_URL_SCHEME error page. However, when authenticating from the password validation screen, the app scheme is recognized and the user is redirected back into the app.

Also note: from the ERR_UNKOWN_URL_SCHEME error page, if I select "Open in Chrome", the app picks up the redirect and I'm put back into the app. Which leads me to believe this may be a Custom Tabs issue.

The code to launch Chrome Custom Tabs looks like the following:

    CustomTabsIntent customTabsIntent = new CustomTabsIntent.Builder(mCTSession)
            .setToolbarColor(ContextCompat.getColor(mContext, R.color.colorPrimary))
            .setStartAnimations(context, R.anim.slide_in_right, R.anim.slide_out_left)
            .setExitAnimations(context, android.R.anim.slide_in_left, android.R.anim.slide_out_right)
            .build();
    customTabsIntent.intent.setFlags(Intent.FLAG_ACTIVITY_NO_HISTORY | Intent.FLAG_ACTIVITY_NEW_TASK);

    if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.LOLLIPOP_MR1) {
        String referrer = Intent.URI_ANDROID_APP_SCHEME + "//" + packageNameToUse;
        customTabsIntent.intent.putExtra(Intent.EXTRA_REFERRER, Uri.parse(referrer));
    }

    customTabsIntent.launchUrl(context, Uri.parse(fixedUrl));

I know that a similar issue was reported in an older version of CCT, but that issue seems to have been patched.

Has anyone else experienced this particular issue?

Adding images of the actual auth pages for reference ...

The initial user/password screen (Not Working):

Password validation only screen (WORKS!):

Answer 1

Even if the problem looks different, it can be solved following the instructions here: https://github.com/iainmcgin/AppAuth-Demo

The relevant part is the use of an "interstitial page" to be used as redirect URI from the auth flow. The code for the page is https://appauth.demo-app.io/oauth2redirect, and you have to change the redirectUri js variable to your app uri (the original redirect URI intercepted by the app)

For reference, I originally found the solution here: "Navigation is blocked" when redirecting from Chrome Custom Tab to Android app