Android: 3d-secure redirect response

Question

I have an Android app where I am processing payments within the app. The payment also requires 3d-secure verification sometimes. So this requires redirecting the user to a webpage where they will be able to make some appropriate actions: Such as entering a code or such. In my case, the app is targeted towards Swedish users and it redirects them to a page where they must open another "bank ID" app, either on the same device or another, to perform this verification.

On our iOS app this feature works as expected. Once the user has performed the verification, the browser receives a callback which can then be used to update the app accordingly, but on Android, the WebView I am using is not notified. So I am unable, so far, to handle the user-verification event.

Does anybody have experience with this or any similar use-case? Any help is appreciated.

did you properly figure out response from BankID app to your app? how that can be done? let me know if you have come across such requirements. — umer sufyan, Oct 23 '18 at 10:33
I tried to explain the answer here: https://stackoverflow.com/a/71507414/7126848 — Muhammad Etisam Zafar, Mar 17 '22 at 05:39

score 9 · Accepted Answer · edited Sep 22 '16 at 09:29

9

We have experienced a similar issue with Nordea's 3D Secure page in an Android WebView. It came down to the page trying to access local storage. We added the code below to the app to get it to work:

mWebView.getSettings().setDomStorageEnabled(true);
mWebView.getSettings().setDatabaseEnabled(true);

if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
  mWebView.getSettings().setDatabasePath("/data/data/" + 
    mWebView.getContext().getPackageName() + "/databases/");
}

mWebView.setWebViewClient(new WebViewClient(){
  @Override
  public boolean shouldOverrideUrlLoading(WebView view, String url) {
    if(url.startsWith("intent:")){
      Intent intent = new Intent();
      intent.setPackage("com.bankid.bus");
      intent.setAction(Intent.ACTION_VIEW);
      intent.addCategory(Intent.CATEGORY_BROWSABLE);
      intent.addCategory(Intent.CATEGORY_DEFAULT);
      intent.setType("bankid");
      intent.setData(Uri.parse("bankid://www.bankid.com?redirect=null")) ;
      startActivityForResult(intent, 0);
      return true;
    }

    // your existing override code goes here probably "return false"  
    // to stop webview redirects to browser.
  }
});
mWebView.loadUrl(url);

edited Sep 22 '16 at 09:29

Mustafa Berkay Mutlu

1,929
1
25
37

answered Mar 30 '16 at 13:26

Tobias Persson

106
4

Thanks for your comment and solution. I had actually figured this out, but had forgotten to post the solution here. – Rameez Hussain Mar 30 '16 at 13:43
This solved it for us as well. It still does not "find" the BankID app when clicking on the "Open app" button - but the authorization goes through. – Mattis Dec 15 '16 at 11:09
I just wanna know how would you know in your app, is there any CallBack that you can implement from BankID app to make sure your thing is processed successfully!! – umer sufyan Oct 23 '18 at 10:32
1

Is it necessary to use 'Intent' to open the BankID app with the Android WebViewClient or can it be setup to launch the app automatically with the bankid:/// url scheme as a browser can do? – Dan Apr 16 '19 at 08:08
Same here. I can't get the Bank-ID app to start. In fact, the shouldOverrideUrlLoading method is never called. But the Auth flow goes through after the user manually switches to the bank-id app. Thanks! – AlexanderNajafi Jun 30 '20 at 13:34
@AlexanderNajafi https://stackoverflow.com/a/71247500/7126848 – Muhammad Etisam Zafar Feb 24 '22 at 06:58

Android: 3d-secure redirect response

1 Answers1