@JohnsonEricAtSalesforce
Contributor

🥁 Ready For Review 🥁

Salesforce Welcome Discovery's "mobile flow" requires the mobile app to access https://welcome.salesforce.com/discovery with the /discovery path plus the query string parameters client_id, client_version and callback_url. An interesting and possibly not supported use case is if the app is also configured with https://welcome.salesforce.com as a login server that does not have the /discovery path. This triggers a failed server switch where the authorization URL isn't loaded and the progress indicator keeps spinning.

The actual logic change is that up until WSC Disco, path was not a consideration for the login server. In this bug, the login server doesn't update since MSDK cannot tell the two WSC URLs are different since they have the same host and prefix.

To resolve this, the URL check now examines the host and path discretely to drive the logic and doesn't use string-level comparison for the URL values.

Here's a recording of the new behavior. Note the WSC entry without the required WSC /discovery suffix doesn't respect the consumer key validation and allows an app outside the allow list to access WSC. There's no client_id parameter in that case to drive the server-side logic. Currently, WSC hosts don't have a host naming convention to drive the submission of those parameters which is the purpose of the path. Only the production host has a fixed host name.
Screen_recording_20260120_130154.webm
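
As an added example (not code from this PR or from the Mobile SDK), the Kotlin below contrasts a string-level comparison with the host-and-path comparison the description refers to, and flags a WSC entry that lacks the /discovery path and client_id. The function names, the prefix-based form of the string check, and the sample query values are assumptions.

```kotlin
import java.net.URI

// Constructed sample URLs; the query values are placeholders.
const val WSC_LOGIN = "https://welcome.salesforce.com"
const val WSC_DISCOVERY = "https://welcome.salesforce.com/discovery" +
    "?client_id=PLACEHOLDER&client_version=1.0&callback_url=app%3A%2F%2Fcallback"

// Assumed form of a string-level check: two entries count as the same
// server when one URL string is a prefix of the other.
fun sameServerByString(current: String, selected: String): Boolean =
    current.startsWith(selected) || selected.startsWith(current)

// Hypothetical helper type: the (host, path) identity of a login server URL.
data class ServerKey(val host: String, val path: String)

fun serverKey(url: String): ServerKey? {
    val uri = runCatching { URI(url.trim()) }.getOrNull() ?: return null
    if (!uri.scheme.equals("https", ignoreCase = true)) return null
    val host = uri.host?.lowercase() ?: return null
    // "" and "/" name the same root; the query string is not part of the identity.
    val path = (uri.path ?: "").trimEnd('/')
    return ServerKey(host, path)
}

// Component-wise check: host and path are compared discretely.
fun sameServerByParts(current: String, selected: String): Boolean {
    val a = serverKey(current)
    return a != null && a == serverKey(selected)
}

// Hypothetical check: is this a discovery entry that carries client_id,
// the parameter the server-side allow-list logic depends on?
fun isDiscoveryEntry(url: String): Boolean {
    val uri = runCatching { URI(url.trim()) }.getOrNull() ?: return false
    val hasClientId = uri.rawQuery?.split('&')?.any { it.startsWith("client_id=") } == true
    return serverKey(url)?.path == "/discovery" && hasClientId
}

fun main() {
    println("string check, discovery vs login: " + sameServerByString(WSC_DISCOVERY, WSC_LOGIN))
    println("parts check, discovery vs login:  " + sameServerByParts(WSC_DISCOVERY, WSC_LOGIN))
    println("parts check, login vs same host with trailing slash: " +
        sameServerByParts(WSC_LOGIN, "HTTPS://Welcome.Salesforce.com/"))
    println("discovery entry carries client_id: " + isDiscoveryEntry(WSC_DISCOVERY))
    println("bare login entry carries client_id: " + isDiscoveryEntry(WSC_LOGIN))
}
```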

@github-actions

1 Error
🚫 Please re-submit this PR to the dev branch, we may have already fixed your issue.

Generated by 🚫 Danger

@github-actions

Job Summary for Gradle

Pull Request :: test-android
| Gradle Root Project | Requested Tasks | Gradle Version | Build Outcome | Build Scan® |
| --- | --- | --- | --- | --- |
| SalesforceMobileSDK-Android | libs:SalesforceSDK:convertCodeCoverage | 8.14.2 | | Build Scan not published |
| SalesforceMobileSDK-Android | libs:SalesforceSDK:lint | 8.14.2 | | Build Scan not published |
| SalesforceMobileSDK-Android | libs:SalesforceSDK:assembleAndroidTest | 8.14.2 | | Build Scan not published |

Contributor

@wmathurin wmathurin left a comment

Let's have another PR afterwards to bring the changes back from master to dev.

@JohnsonEricAtSalesforce JohnsonEricAtSalesforce merged commit f6e7a1d into forcedotcom:master Jan 20, 2026
3 of 6 checks passed
@JohnsonEricAtSalesforce JohnsonEricAtSalesforce deleted the bugfix/w-20935841_bug-p2-android-login-server-switching-misbehaving branch January 20, 2026 21:17