I am trying to implement Moneris hosted pay page from a flutter mobile app but this question is relevant to any app that wants to implement Android App Links. In order to redirect back from the hosted pay page, I need to implement Android App Link (haven't gotten to do iOS version yet). Based on this article, in order for App Links to work, one needs:

1. Identify a redirect URL on the Moneris hosted pay page (or on the page where a redirect might take place, in case of a generic example);
2. Modify AndroidManifest.xml to associate redirects with activities;
3. Implement a way in Flutter to intercept App Links;
4. Place the Digital Asset Links JSON file on the web site (same domain as redirect URL) in the .well-known folder.

For #1, I have identified 2 URLs, one for approved payments (https://example.com/moneris_approved) and one for declined payments (https://example.com/moneris_declined). URLs have to be in https for the whole thing to work. Moneris can reply with a POST with XML, POST with parms or GET with parms. Tried all three.

For #2, I have modified AndroidManifest.xml both by hand and with help of Android Studio. Relevant pieces look like this:

<application
    android:name="io.flutter.app.FlutterApplication"
    android:label="<label>"
    android:icon="@mipmap/ic_launcher">
    <activity
        android:name=".MainActivity"
        android:launchMode="singleTop"
        android:theme="@style/LaunchTheme"
        ...              
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>

        <intent-filter android:autoVerify="true">
            <action android:name="android.intent.action.VIEW" />    
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />    
            <data
                android:scheme="https"
                android:host="example.com"
                android:pathPattern="/moneris_approved" />
        </intent-filter>    
        <intent-filter android:autoVerify="true">
            <action android:name="android.intent.action.VIEW" />   
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />    
            <data
                android:scheme="https"
                android:host="example.com"
                android:pathPattern="/moneris_declined" />
        </intent-filter>    
    </activity>
</application>

For #3, I am using uni_links package which takes care of channeling incoming App Links to my app.

For #4, I have created and uploaded the assetlinks.json file and placed in the right folder. Included both debug and release SHA256 fingerprints. The file looks like this:

[
    {
        "relation": ["delegate_permission/common.handle_all_urls"],
        "target": {
            "namespace": "android_app",
            "package_name": "com.example.<name>",
            "sha256_cert_fingerprints":
            ["........"]
        }
    }
]

Now, after doing all that, when Moneris redirects to provided URLs, I am seeing a 404 page coming from my hosting site.

To verify the setup, I have:

• Successful tested statement file with the Statement List Generator and Tester;
• Successfully tested digital asset link file with Google APIs (https://digitalassetlinks.googleapis.com/v1/statements:list?source.web.site=https://example.com&relation=delegate_permission/common.handle_all_urls)
• Successfully tested the URL intent using ADB shell (am start -W -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://example.com/moneris_approved")
• Successfully checked link policies using ADB (adb shell dumpsys package d)

At this point, I don't know how else to test it or what the problem is. I don't think the problem is with my app but rather soemthing is not closing the loop between Moneris redirect and it coming back to my app.

Update 1

I devised a testing approach like this:

1. Created a link-test page on my site with links mimicking redirects (i.e. same host/path as in the app's AndroidManifest.xml;
2. Created a simple Java Android App using Android Studio. Using App Link Assistant I updated its AndroidManifest, created intents and reacted to those coming in. Also updated the assetlinks.json file on my website. Tested it with the link-test page running on my emulator and everything worked as expected. App opened up ok.
3. Repeated #2 but this time with a Flutter app using the uni_links package. Went throught he same steps of creating slightly different links on my link-test page, updating AndroidManifest and assetlinks.json file. Tested it with the link-test page running on my emulator and everything worked as expected. App opened up ok.
4. Run the app I am working on on the emulator and put the links I am expecting to get from Moneris on my link-test page and tsted on the emulator. Everything worked as expected. App opened up ok.

So now my question is: what is the difference between me clicking on a link on my page (HTTP GET) vs. Moneris redirecting to the same link using HTTP GET? Me clicking on the link works. Moneris redirect does not.

thanks for suggesting an answer but I think you might have misunderstood the intent of what I am trying to do here. This has nothing to do with authentication or authorization - I looked up apps.googleusercontent.com and it took me here (developers.google.com/identity/sign-in/web/server-side-flow‌​). Consequently, no Client Secret is passed on the call.

@Igor I use this URL Sechma for paypal redirect, it's not specific for authentication or authorization , also good 👍to know that there is no client secret stroed in the app

thanks for clarification. Unfortunately, Moneris only supports http and https schemas so using com.googleusercontent.apps as schema will not work for me. And while I get that it works for you, your implementation contradicts my understanding of how Android App Links should work as per this: developer.android.com/training/app-links. i am puzzled.

@Igor 😲 thanks for the link , your are right , I used the url to skip the verification step for local devlopment , try to change android:pathPatter to android:pathPrefix

Glad I could help...mind you, I'm back to square one.

I will review the last link (to the Medium article) but as for the rest, I am using the uni_link flutter package. And I have it tested with all tests provided by Google yet it still does not work. Hence my question.