Retool Mobile OAuth callback fails on Android - CSRF error on oauth.retool.com

  1. My goal:
    Authenticate users via OAuth (Zitadel OIDC) in our Retool Mobile app on Urovo DT50 Android warehouse scanners.
  2. Issue:
    OAuth callback to oauth.retool.com/oauth/user/oauthcallback fails with "CSRF DETECTED" error - but ONLY on Android Retool Mobile app.
    :white_check_mark: Works: iPhone Retool Mobile app
    :white_check_mark: Works: DT50 browser (web app)
    :cross_mark: Fails: DT50 Retool Mobile app → CSRF error
  3. Steps I've taken to troubleshoot:
  • Enabled refresh tokens in Zitadel OAuth client
  • Tested multiple browsers (Chrome, Firefox, incognito) - same issue
  • Cleared app cache and data
  • Verified Android System WebView is up to date
  • Checked App Links verification - found only retool.com is verified, NOT oauth.retool.com
  4. Additional info:
  • Cloud (Retool Cloud)
  • Android 13 on Urovo DT50 scanner
  • Zitadel OIDC authentication
  • Retool Mobile latest version
    Hypothesis: oauth.retool.com is not registered as a verified Android App Link, so the OAuth callback doesn't redirect back to the Retool Mobile app correctly on Android.
    Is there a way to get oauth.retool.com added as a verified Android App Link?
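The App Links check from the troubleshooting steps above can be scripted: Android decides whether an app owns a host by reading that host's `/.well-known/assetlinks.json` statement list. The following is an added example, not code from Retool or from the original poster; the hostnames, package name and certificate fingerprint are constructed placeholders, and the `assetlinks.json` bodies are assumed to have been fetched separately.

```python
import json

# Constructed Digital Asset Links statement list, the document Android fetches from
# https://<host>/.well-known/assetlinks.json during App Links verification.
# Package name and fingerprint are placeholders, not any real app's values.
SAMPLE_ASSETLINKS = json.dumps([{
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
        "namespace": "android_app",
        "package_name": "com.example.mobileapp",
        "sha256_cert_fingerprints": [
            "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:"
            "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
        ],
    },
}])

HANDLE_ALL_URLS = "delegate_permission/common.handle_all_urls"


def normalize_fingerprint(fp: str) -> str:
    """Compare fingerprints case- and colon-insensitively."""
    return fp.replace(":", "").upper()


def app_link_granted(assetlinks_json: str, package_name: str, cert_fp: str) -> bool:
    """True if the statement list grants handle_all_urls to this package + signing cert."""
    try:
        statements = json.loads(assetlinks_json)
    except json.JSONDecodeError:
        return False  # malformed or HTML error page: verification fails
    if not isinstance(statements, list):
        return False
    want = normalize_fingerprint(cert_fp)
    for st in statements:
        if not isinstance(st, dict) or HANDLE_ALL_URLS not in st.get("relation", []):
            continue
        target = st.get("target", {})
        if target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package_name:
            continue
        fps = {normalize_fingerprint(f) for f in target.get("sha256_cert_fingerprints", [])}
        if want in fps:
            return True
    return False


def unverified_hosts(bodies_by_host: dict, package_name: str, cert_fp: str) -> list:
    """Given {host: assetlinks body or None if the fetch failed}, list hosts the app won't own."""
    return sorted(h for h, body in bodies_by_host.items()
                  if body is None or not app_link_granted(body, package_name, cert_fp))
```

Any host returned by `unverified_hosts` will open in the browser instead of the app, which matches the symptom of a callback that never returns to the mobile app on Android.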

Hello @Nolunga_FARO, welcome to the Community! :star_struck: And thanks so much for reporting this! I have reached out to our engineers internally and will get back to you as soon as I hear back.


Hi @ChiEn - was the team able to have a look? This issue is blocking production.

Hey, yes @Nolunga_FARO. Our engineering team is actively working on this and is targeting a fix by the end of this week. I will keep you updated and let you know right away if anything changes. Thanks so much for your patience while we work through this. :raising_hands:

Hey there @Nolunga_FARO, our engineer is still working hard on a permanent solution for this. In the meantime, they’ve created a .apk app for you to download and use as a temporary workaround. I’ll DM you the app now! :folded_hands:

Hey! @Nolunga_FARO Just checking in, did the .apk file I sent via email work well for you?

Hey @Nolunga_FARO our engineers are still working through the Android release process, I will let you know once I have an update! Hope the temp app is working well as it should so far! :folded_hands:


Hey hey @Nolunga_FARO, good news! :partying_face: The CSRF issue has been resolved in Android version 3.355.0, which is rolling out now. Play Store auto-updates can take up to 48 hours to reach all users, so full availability is expected by Friday, March 20. If users want it sooner, they can manually update via the Play Store starting Wednesday, March 18!

Feel free to reach out with any questions!