Mastering Redirect URIs in Mobile Apps for Seamless Authentication


Redirect URIs play a crucial role in modern mobile application authentication, especially in OAuth and similar authentication flows. However, implementing them correctly can be a hurdle for many developers. This blog post aims to demystify the process, guiding you through setting up and handling redirect URIs effectively in your mobile applications.

Understanding Redirect URIs

A Redirect URI is a critical component in the authentication process, acting as the endpoint to which users are directed after authentication. In mobile apps, these often take the form of deep links, which bring users back to the app from a web-based authentication flow.

Setting Up a Redirect URI for Mobile Apps

For Android:

  1. Defining a Deep Link in the Manifest: Start by adding intent filters to your AndroidManifest.xml. This tells Android how to handle URLs intended for your app. Define a custom scheme or host to ensure your app uniquely captures the redirect URL.
<activity android:name=".MainActivity">                                    
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="yourcustomscheme" android:host="redirect" />
  1. Handling the Intent in an Activity: In your MainActivity, override onCreate or onNewIntent to handle the incoming intent. Extract the code or token from the URI:

protected void onNewIntent(Intent intent) {
    Uri uri = intent.getData();
    if (uri != null && uri.getScheme().equals("yourcustomscheme")) {
        String code = uri.getQueryParameter("code");
        // Handle the code

For iOS:

  1. Configuring URL Schemes: In Xcode, go to your project settings and add a URL scheme under URL Types. This is your app’s custom URL scheme.
  2. Handling Incoming URLs: Implement URL handling in your AppDelegate. This method is invoked when your app is asked to open a custom URL scheme:

func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
    if url.scheme == "yourcustomscheme" {
        let code = url.queryItems?["code"]
        // Process the code
        return true
    return false
Here, yourcustomscheme should be replaced with the custom URL scheme you defined.

For React Native

  1. Register a Custom URL Scheme:
    1. For Android, modify AndroidManifest.xml as shown in the Android section.
      • For iOS, configure URL Types in Xcode project settings.
  2. Handling Incoming Links:
    1. Use the Linking API in React Native to handle incoming URLs.
      • Listen for incoming URLs and parse them to extract the code.

import { Linking } from 'react-native';

Linking.addEventListener('url', handleOpenURL);

function handleOpenURL(event) {
    let data = Linking.parse(event.url);
    let code = data.queryParams.code;
    // Use the code here

For Flutter

  1. Define a Custom URL Scheme:
    1. For Android, update AndroidManifest.xml.
      • For iOS, update Info.plist with the URL scheme.
  2. Handling Incoming URLs:
    1. Use packages like uni_links for Flutter to handle incoming deep links.
      • Implement logic to parse the URL and extract the authentication code.

import 'package:uni_links/uni_links.dart';

void initUniLinks() async {
    try {
        final Uri? initialUri = await getInitialUri();
        if (initialUri != null) {
            String? code = initialUri.queryParameters['code'];
            // Handle the code here
    } on Exception {
        // Handle exception

Best Practices

  • Ensure the URL scheme is unique to avoid conflicts with other apps.
  • Handle exceptions and edge cases where the URL might not contain the expected parameters.


Implementing and handling Redirect URIs in mobile applications is a key skill in today’s app development landscape. With the right setup and attention to detail, you can create a smooth and secure authentication experience for your users.

Understanding the nuances of handling these URIs in Android and iOS platforms will empower you to build more robust and user-friendly mobile applications. Remember, the goal is not just to authenticate a user but to do so in a manner that enhances their overall experience with your app.

Additional Resources

Happy Coding!

Table of Contents

Leave a Reply

Your email address will not be published. Required fields are marked *