einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-25 07:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Return the signed event to the app via custom scheme, not a browser page

Browse Source 
A signer-owned Custom Tab never reliably displayed the browser handoff
page, so the token never returned. The Nostr launcher now uses the app's
custom scheme as the callback (einundzwanzig://signed/{k1}/): Amber opens
it directly after signing and the app exchanges the event for a token via
/api/mobile/token — no browser handoff in the loop.
This commit is contained in:
HolgerHatGarKeineNode
2026-06-12 01:14:01 +02:00
parent 76787a1bee
commit 54c959d18e
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/MobileAuthController.php
+7 -1
View File
@@ -158,9 +158,15 @@ final class MobileAuthController extends Controller
// encodeURIComponent(JSON.stringify(event)) — the exact encoding // encodeURIComponent(JSON.stringify(event)) — the exact encoding
// Amber accepts. Building it server-side produced subtly different // Amber accepts. Building it server-side produced subtly different
// percent-encoding that Amber rejected as malformed. // percent-encoding that Amber rejected as malformed.
//
// The callback is the app's custom scheme, not a portal URL: the
// signer opens it directly after signing, so the app receives the
// signed event and exchanges it for a token via /api/mobile/token —
// no browser handoff page (which a signer-owned Custom Tab failed to
// display reliably).
return view('auth.mobile-nostr-launch', [ return view('auth.mobile-nostr-launch', [
'k1' => $k1, 'k1' => $k1,
'callbackUrl' => url('/auth/mobile/signed/'.$k1.'/'), 'callbackUrl' => 'einundzwanzig://signed/'.$k1.'/',
]); ]);
} }