Title:
Android TWA opens Chrome Custom Tab during OAuth login when using a no-code platform (Base44) with multiple domains
Body:
I'm trying to publish an Android app based on a PWA using Trusted Web Activity (TWA).
The web app works perfectly at:
It has a valid manifest.json and an assetlinks.json configured at:
https://maystok.com/.well-known/assetlinks.json
When the PWA is installed from Chrome on mobile, it runs correctly in standalone mode without the browser UI.
However, when the Android app is installed from Google Play, the login flow triggers a Chrome Custom Tab instead of staying inside the TWA.
Current flow
App launch
↓
https://maystok.com (landing page)
↓
User clicks "Try Free"
↓
Google login
↓
redirect to por.base44.com
↓
Google account selection
↓
redirect to maystok.base44.app
↓
Dashboard loads

At the step where the login redirects to:

por.base44.com

Android opens a Chrome Custom Tab showing the browser UI.
What I've already checked
assetlinks.json is correctly hosted at
https://maystok.com/.well-known/assetlinks.json
The package name matches the one in Google Play
SHA256 from Play Console is included
The PWA manifest uses "display": "standalone"
The issue only happens when the OAuth login starts
My hypothesis
Because the authentication flow goes through multiple domains:
maystok.com
por.base44.com
maystok.base44.app

Android cannot verify the trust relationship for the intermediate domains, so it falls back to Chrome Custom Tabs.
Questions
Is it possible for a TWA to remain fullscreen if the OAuth flow redirects through domains I do not control?
Would adding ADDITIONAL_TRUSTED_ORIGINS in the AndroidManifest solve this if those domains don't expose assetlinks.json?
Is the only reliable solution to ensure the entire authentication flow happens under the same origin (e.g. maystok.com)?
Any advice from developers who have deployed PWAs with OAuth in TWA would be greatly appreciated.
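
An offline sketch of the per-origin Digital Asset Links check that a TWA depends on, run over the redirect chain listed in the question; it is an added example, not part of the original post. The package name, the certificate fingerprint and the assumption that only maystok.com serves a matching assetlinks.json are constructed placeholders.

```python
import json

RELATION = "delegate_permission/common.handle_all_urls"

def grants_app(assetlinks_text, package, fingerprint):
    """True if an assetlinks.json body delegates URL handling to this app."""
    if assetlinks_text is None:            # origin serves no assetlinks.json
        return False
    try:
        statements = json.loads(assetlinks_text)
    except ValueError:                     # malformed JSON counts as no statement
        return False
    if not isinstance(statements, list):
        return False
    want = fingerprint.replace(":", "").upper()
    for st in statements:
        target = st.get("target") if isinstance(st, dict) else None
        if not isinstance(target, dict) or RELATION not in st.get("relation", []):
            continue
        if target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package:
            continue
        prints = target.get("sha256_cert_fingerprints", [])
        if want in (p.replace(":", "").upper() for p in prints):
            return True
    return False

def unverified_origins(chain, served, package, fingerprint):
    """Origins in the chain whose assetlinks.json does not name this app."""
    return [o for o in chain
            if not grants_app(served.get(o), package, fingerprint)]

# Constructed sample data (placeholders, not values from the post).
PACKAGE = "com.example.app"
FINGERPRINT = ":".join(["AB"] * 32)
CHAIN = ["https://maystok.com", "https://por.base44.com",
         "https://maystok.base44.app"]
SERVED = {  # assumption: only the first origin publishes a statement
    "https://maystok.com": json.dumps([{
        "relation": [RELATION],
        "target": {"namespace": "android_app", "package_name": PACKAGE,
                   "sha256_cert_fingerprints": [FINGERPRINT]},
    }]),
}

if __name__ == "__main__":
    for origin in unverified_origins(CHAIN, SERVED, PACKAGE, FINGERPRINT):
        print("not verified for this app:", origin)
```

To run it against a real deployment, replace `SERVED` with the bodies fetched from each origin's `/.well-known/assetlinks.json` and use the package name and signing fingerprint shown in Play Console.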
