Solved

OAuth2 consent page does not seem to be optimized for mobile devices

  • 23 January 2024


Hello Lucid developers!

At my work I'm trying to add Lucid export to one mobile app. According to the documentation I'm trying to redirect a client from my mobile app to a web browser at https://lucid.app/oauth2/authorize (plus necessary parameters).
And in a mobile browser (more precisely Android's Custom Tabs), after logging into Lucid, the user sees a screen like this (see screenshot). It doesn't seem to be optimized for mobile devices. It does not even seem to be horizontally scrollable. Can you (Lucid developers) fix this? Or maybe I can fix this from my side somehow?

I also have two less important questions.
1) The user of the mobile application can log in through a web browser, after which the application receives an authorization code and the necessary tokens. After this, the user may want to unlink the mobile application from his Lucid account and we call the API here (https://developer.lucid.co/rest-api/v1/#oauth2-revoke-access-token). After which the user may want to log in to Lucid again with a different Lucid account, but when the mobile application redirects him again to https://lucid.app/oauth2/authorize, the user is no longer able to see the login screen, and he is immediately redirected back to the mobile application (because its session is not closed in the browser - it is already logged in in the browser). I know that some OAuth providers have a special parameter for the authorization endpoint like prompt=login. Maybe you have something similar?
2) Not a very important question - will OAuth redirect work if the user is not yet registered in Lucid? That is, will a redirect from https://lucid.app/oauth2/authorize back to the mobile application work if the user starts the process of registering a new Lucid account?

Best answer by Ian Baenziger 25 January 2024, 21:32


Comments


Hey Fedir!

In complete transparency, mobile development on our REST API is relatively new territory for us, so thank you for your question and post! This is an area we’re excited to improve.

We have discussed internally and now have a developer actively working to make our OAuth 2 Grant Access page mobile responsive. We do not yet have an ETA, but I do not expect it to take very long.

Regarding your other two questions, we will get back to you tomorrow. We have an API team meeting tomorrow morning, and I want to discuss the topic then.

Will get back to you more tomorrow. Thanks!


Okay! Hey Fedir! Sorry this took a day later than expected.

> 1) I know that some OAuth providers have a special parameter for the authorization endpoint like prompt=login. Maybe you have something similar?

We unfortunately do not currently offer the “prompt=login” flow/parameter. Do you expect users to often be switching amongst multiple Lucid accounts when using your app? Trying to gauge the importance of this functionality for your build.

> 2) Will OAuth redirect work if the user is not yet registered in Lucid?

The technical answer here is “sorta” 🙂. Short version: the user will be asked to create an account, but won’t be auto-redirected.

Longer version: when the user does not have a Lucid account and they try to click the link to the grant access page on mobile, the user will be prompted to log in or create an account. After they create an account they will hit a page that looks like the screenshot below (note the page shown below is not the mobile version). The user will need to then re-click the link to the grant access page to use the app.

Note this is an experience we likely won’t change in the near future (just given other things on our roadmap).


Hi Ian

Wow, thank you for reacting so quickly!

> Do you expect users to often be switching amongst multiple Lucid accounts when using your app?

I checked our analytics and found that about 5% of users who connected Trello and Miro accounts (two other services with which we integrate our application) later disconnect them. I don’t have analytics data about why they do this, but I think one of the reasons is to connect another account. So giving them the opportunity to do that would be a nice-to-have feature.
By the way, it might come in handy - it looks like Trello, although it doesn’t have the prompt=login parameter, shows the OAuth consent screen every time, where, among other things, there is a “Change account” link that leads to the login screen.
Miro also shows a consent screen every time, but, unfortunately, there is no option to change the account.

In any case, even if you do not plan to implement this, I am very grateful that you responded so quickly and will improve the OAuth experience for mobile devices. Thank you!


Hello! I just wanted to let you know that we have pushed changes that should make the mobile experience for this page much more palatable (see attached gif below)! Let us know if you run into any other problems!
