I am trying to implement an SSO login in a native Android app and want to follow the best practices outlined in RFC 8252 (OAuth 2.0 for Native Apps). This requires using Custom Tabs rather than WebViews:
> B.2. Android Implementation Details
>
> Apps can initiate an authorization request in the browser, without the user leaving the app, through the Android Custom Tab feature, which implements the in-app browser tab pattern. The user's default browser can be used to handle requests when no browser supports Custom Tabs.
The login process is working correctly, but once a user logs in with a specific account in a Chrome Custom Tab, it is not possible to log in with a different account without manually logging out in Chrome.
On iOS, this issue can be addressed using an ASWebAuthenticationSession with the prefersEphemeralWebBrowserSession parameter set to true, but this solution is not available on Android.
Chrome does offer experimental support for Incognito Custom Tabs, but this requires user opt-in and displays a privacy warning when the deep link to the app is fired.
I am looking for a solution that allows a native Android app to support multiple SSO providers and allows users to log in with different accounts without requiring manual logout in Chrome.