There is a request to add a link to one of our websites that can open our mobile app on iOS or Android, and log in to the app by passing an authentication token in. If the apps do not exist on either platform I need it to fall back to the associated website.
From what I understand about universal links or deep linking, their intended purpose is to take you to a specific page within an app, not pass along parameters. Custom URL schemes seem to fit better, but also aren't supported the same way and falling back to the web is problematic.
If anyone has ever set up something like this and has resources I can look at, it would be appreciated.
Thanks.
It is possible to build a deep linked authentication system like this, with a few important caveats:
URI schemes and Universal Links don't support passing parameters, but they can be used to build a system like this (Slack uses URI scheme links for their famous 'magic link' mobile sign in process, for example). However, they only work if the app is already installed. Neither one will allow you to preserve context across install, which limits their usefulness.
Branch.io (full disclosure: I'm on the Branch team) links can be used to power an experience like this. Unlike URI schemes and Universal Links, we do allow you to pass real key:value parameter pairs with each link, and we have by far the best matching accuracy in the field. I would do the following:
sendSMS() function), or go straight to the API.
+match_guaranteed parameter to make sure you have the correct user (see the blog post above for more info on how this is verified).
+match_guaranteed comes back true, verify the returned token against the value stored on your backend and log the user in. If false, or the token doesn't validate, handle the error (likely by asking the user to log in manually).
To make this extra secure, store the token in your backend with an expiration timestamp (perhaps 5-10 minutes) and don't permit the automatic authentication if the link is stale. This will prevent a URL from being found somewhere later on and reused, and will also make sure nothing bad happens if someone later retrieves the contents of the link.
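The expiring-token check described in the answer above, as an added example that is not part of the original answer and is not Branch's code. The in-memory store, the `token` parameter name, the hashed storage and the single-use behaviour are assumptions; `+match_guaranteed` is the link parameter named in the answer.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 5 * 60  # the answer suggests roughly 5-10 minutes


class LoginTokenStore:
    """In-memory stand-in for the backend token table (assumption)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self.rows = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def digest(token):
        # Store only a hash so a leaked table does not leak usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create the token that gets embedded in the link data."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.rows[self.digest(token)] = (user_id, self.clock() + self.ttl)
        return token

    def redeem(self, token):
        """Return the user id for a fresh token, else None."""
        # pop() makes the token single use, so a replayed link fails.
        row = self.rows.pop(self.digest(token), None)
        if row is None:
            return None
        user_id, expires_at = row
        if self.clock() >= expires_at:
            return None  # stale link: no automatic authentication
        return user_id


def login_from_link(store, link_params):
    """Decide what to do with the parameters delivered when the link opens.

    Returns the user id to log in, or None to fall back to manual login.
    """
    token = link_params.get("token")  # hypothetical key name
    if not isinstance(token, str):
        return None
    user_id = store.redeem(token)  # burn the token on every attempt
    if link_params.get("+match_guaranteed") is not True:
        return None
    return user_id
```
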