Allow otpauth:// Links from Embedded Webview
Closed this issue · 0 comments
- Expected behavior
Link to authenticator apps on device - especially Authenticator Apps such as microsoft authenticator for time-based one time password (totp) flows (e.g. https://github.com/azure-ad-b2c/samples/blob/master/policies/custom-mfa-totp/readme.md )
If you are on a mobile device using msal, you will not be able to scan a QR code, and instead would want to link directly to your authenticator app on the device using the otpauth:// scheme
- Actual behavior
The msal checks links to http endpoints preventing them (correctly).
However I think the intention here is to prevent the use of http endpoints, rather than preventing all protocols other than https
- Steps to reproduce the problem
include a link to an authenticator app such as
otpauth://totp/B2CDemo%3Aa%40b.c?secret=IU67PONWOM3AITKNT464LLF4YAL4OFUI&issuer=Azure%20AD%20B2C%20Demo
- Specifications like the version of the library, operating system etc.
msal 1.5.+
Pixel 2 Emulator
Android 28+