Immich Android OAuth Hangs: Troubleshooting & Fixes

by Admin 52 views
Immich Android OAuth Hangs: Troubleshooting & Fixes

Hey guys! If you're struggling with Immich's OAuth redirect hanging on your Android phone, especially after setting up Google Sign-in, you're not alone. I've been there, and I know how frustrating it can be. This article dives deep into the issue, why it happens, and a solution that might just save your day. We'll explore the problem, the symptoms, and the workaround that helped me get things running smoothly. This is specifically for those using Immich on TrueNas and experiencing issues with the mobile OAuth redirect. Let's get into it!

Understanding the Problem: Why Your OAuth Redirect is Hanging

Let's break down the issue. The core problem lies in how the Android Chrome browser and newer Android versions handle the 307 Temporary Redirect used by Immich for mobile OAuth. When you try to sign in with Google, here's what typically happens:

  1. You're redirected to Google for authentication.
  2. After choosing your account, Google redirects you back to Immich using the mobile redirect URL (e.g., https://example.com/api/oauth/mobile-redirect).
  3. Immich then sends a 307 Temporary Redirect to app.immich:///oauth-callback, which is intended to open the Immich app.

However, on some Android versions (like the Pixel 9 with Android 16, as reported), the Chrome webview gets stuck at the redirect stage. It just hangs, and the Immich app never opens. This is the primary symptom. You're left staring at a loading screen, and nothing happens. This seems to be a conflict between how Chrome and Android manage the redirect to an app intent.

I've confirmed that a direct link to the app.immich:///oauth-callback does open the app. The hang occurs specifically when going through the OAuth flow. This highlights that the issue isn't with the Immich app itself, but rather with the redirection process initiated by the server.

In essence, the problem is like a broken bridge. The server (Immich) is trying to send you (the user) across a bridge (the redirect), but the bridge is collapsed on the Android side, preventing you from reaching your destination (the Immich app). The default setup with the api/oauth/mobile-redirect endpoint seems to be the culprit. Let's look at the fix, which involves a clever workaround using a custom HTML page.

Keywords:

  • OAuth redirect issues
  • Android 16
  • Chrome webview hangs
  • Immich app sign-in

Diagnosing the Hang: Confirming the Root Cause

Before we jump into the fix, let's look at the steps I took to diagnose the problem. This is a crucial step; it’s all about confirming that we're dealing with the same issue. I've provided the exact versions of the apps and the OS I was using, so you can check if your setup is similar.

Here’s how I confirmed the issue:

  1. Verified the Redirect: I used my phone's browser developer tools (or a similar tool) to confirm that the server was, in fact, sending a 307 Temporary Redirect to app.immich:///oauth-callback. This is key; if the redirect isn't happening correctly, the following troubleshooting steps won't work.
  2. Tested Direct App Link: As mentioned, I directly clicked a link to app.immich:///oauth-callback in Chrome. This should open the Immich app. If it does, it indicates the app is functional and the problem lies in the redirection.
  3. Tested the Mobile Redirect URL directly in the Browser: I opened https://example.com/api/oauth/mobile-redirect directly in Chrome to see if it hung. If it does, this reinforces the idea that the api/oauth/mobile-redirect is where the issue resides.

By following these steps, I was able to pinpoint the problem. These diagnostic steps are essential. They help you ensure that your setup is similar to the one that has the issue. Otherwise, you may spend hours troubleshooting something that is not related to the core problem.

If you've confirmed that your situation mirrors these steps, then the next section, detailing the solution, is for you.

Keywords:

  • Diagnosing OAuth
  • 307 Temporary Redirect
  • Chrome developer tools
  • Testing app links

Implementing the Fix: A Custom HTML Redirect

Alright, here's the magic. The fix involves creating a custom HTML page that intercepts the redirect and ensures it opens the Immich app successfully. It's like building a new bridge to get you safely to your destination. This approach uses an HTML page in your server configuration (like Nginx) to handle the redirection. It avoids the 307 Temporary Redirect directly, which seems to be the source of the trouble.

Here’s the breakdown:

  1. Create a Custom HTML Page: You need to configure your web server (e.g., Nginx, Apache) to serve a custom HTML page. This page will be responsible for redirecting the user to the Immich app. The key is the JavaScript within the HTML. This Javascript does the following: gets the query string and hash from the original request, constructs the full app.immich:///oauth-callback URL, and then redirects the browser. In my case, I have used the following custom HTML:
<html>
<head>
  <meta charset="utf-8" />
  <title>Opening Immich…</title>
  <script>
    (function() {
      var qs = window.location.search || "";
      var hash = window.location.hash || "";
      var target = "app.immich:///oauth-callback" + qs + hash;
      // try to open the Immich app with full params
      window.location = target;
    })();
  </script>
</head>
<body>
  <p>If nothing happens, 
     <a id="immich-link" href="#">tap here to continue to Immich</a>.
  </p>
  <script>
    (function() {
      var qs = window.location.search || "";
      var hash = window.location.hash || "";
      document.getElementById("immich-link").href =
        "app.immich:///oauth-callback" + qs + hash;
    })();
  </script>
</body>
</html>
  1. Configure Your Web Server: You'll need to configure your web server to serve this HTML page. In Nginx, this involves setting up a location block. This block will respond to a specific URL (e.g., /immich-mobile-redirect) and serve the HTML page.

Here's an example Nginx configuration:

location = /immich-mobile-redirect {
    default_type text/html;
    return 200 '<html>...</html>'; // Paste the HTML above here
}

  1. Update Immich OAuth Settings: Modify the OAuth settings in your Immich server to use the new redirect URL. Instead of https://example.com/api/oauth/mobile-redirect, point it to the URL of your custom HTML page (e.g., https://example.com/immich-mobile-redirect). Make sure to also add this new URL to the allowed redirect URIs in your OAuth provider settings (e.g., Google Console).

  2. Test Again: After making these changes, try the Google Sign-in process again on your Android phone. It should now redirect to the custom HTML page and then successfully open the Immich app. This happens because the HTML page triggers a direct intent to open the app, bypassing the problematic 307 redirect that was causing the hang. This fix gives you a workaround until the Immich developers or Android/Chrome resolve the underlying issue.

This fix basically replaces the standard redirect with a simpler, more direct approach that the Android/Chrome combo seems to handle better. It's a pragmatic solution that gets you back up and running. Remember to adjust the URLs to your specific setup.

Keywords:

  • Custom HTML redirect
  • Nginx configuration
  • Web server setup
  • OAuth settings

Potential Causes and Future Solutions

Let's discuss the underlying causes of this problem. While the exact reason for the 307 Temporary Redirect issue isn’t clear, it likely stems from how Android/Chrome handle app intents initiated by server redirects. It could be due to changes in how Chrome manages redirects or maybe a bug in the Chrome webview. Also, it might be related to how the Immich server sets up the redirect. I’m not sure, and I leave that to the developers.

In terms of future solutions, Immich developers might need to modify how the /api/oauth/mobile-redirect endpoint functions to better support the latest Android/Chrome versions. This might involve changing the redirect method or using a different approach to open the app. The best approach would be to update the Immich app to ensure compatibility with various Android and Chrome versions. Developers can monitor the reports and implement fixes as needed to handle the situation.

Another option is to encourage users to use deep linking if it is not enabled. Deep linking can be used to redirect users from a web page to a specific part of an app. However, this may require changes to both the Immich server and the mobile app.

Finally, keeping the Immich app updated can help to address the issue. The app developers are likely aware of the problem, and they will want to fix this by implementing new versions.

Keywords:

  • Android/Chrome compatibility
  • Immich server updates
  • Deep linking

Conclusion: Getting Your OAuth Working

So, there you have it, guys. We've tackled the Immich Android OAuth hang issue. From understanding the problem to implementing a successful workaround, this guide has given you the steps you need to fix your OAuth redirect issue.

The custom HTML redirect solution is effective. It gives you a way to bypass the browser issue and get you logged in. Remember to adjust the server configuration and the Immich OAuth settings. I really hope this article helped you to solve the issue. If you run into problems or have any other questions, feel free to share your thoughts in the comments section below. Happy photo organizing!

Keywords:

  • OAuth troubleshooting
  • Immich app login
  • Android fixes