New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 656636 link

Starred by 3 users
Status: Assigned
Owner:
timvolod...@chromium.org
Cc:
mkwst@chromium.org
boliu@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug



Sign in to add a comment

Android 7.0 Nougat's webview throws error with credential manager API

Reported by k...@kayak.com, Oct 17 2016 
Steps to reproduce the problem:
1. Load the latest KAYAK Android app
2. search for a flight from PAR to LON
3. go into the webview ordering page for any Easyjet result (should be near the top of the results list)
4. connect a debug tool to hook into the webview javascript console (I had to modify the code to use Stetho but you guys probably have better internal tools for this :-)
5. click on the Log In link and see the error in the Javascript console

What is the expected behavior?
Clicking on the Sign In link that uses credential manager API should bring up the standard login form instead of throw an error in the console

What went wrong?
Only in Android 7.0 Nougat webviews, using the credential manager API throws an error into the Javascript console.  See attached file.

Did this work before? Yes Works fine in Android 6.x, 5.x, 4.x.

Does this work in other browsers? N/A

Chrome version: 53.0.2785.124  Channel: stable
OS Version: 7.0
Flash Version: Shockwave Flash 23.0 r0

This seems somewhat related...seems like credential manager doesn't work in Android webviews:
https://bugs.chromium.org/p/chromium/issues/detail?id=589829&q=credential%20manager%20android%20webview&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified

But the behavior of the webview is now different from previous versions of Android...throws an error that seems to originate from Chrome's source code:
CredentialManagerClient* client = CredentialManagerClient::from(
      resolver->getScriptState()->getExecutionContext());
  if (!client) {
    resolver->reject(DOMException::create(
        InvalidStateError,
        "Could not establish connection to the credential manager."));
    return false;
  }

Comment 1 by k...@kayak.com, Oct 17 2016

Screen Shot 2016-10-14 at 4.36.56 PM.png
655 KB View Download

Comment 2 by rsgav...@chromium.org, Oct 17 2016

Components: Mobile>WebView

Comment 3 by ti...@chromium.org, Oct 17 2016

Owner: rsgav...@chromium.org
Is this a regression? The bug description mentioned the problem only happens in Android N, but does not indicate the WebView version. Could you figure out what WebView version does it start?

Comment 4 by k...@kayak.com, Oct 17 2016 

That's the odd part...the webview version is 4.3 according to play store on all devices  (Android 5.1, Android 6.0, Android 7.0).  The behavior above is only on Android 7.0...works fine in other Android versions w/ the same webview).

Comment 5 by satyavat...@chromium.org, Oct 17 2016

Owner: ----

Comment 6 by ti...@chromium.org, Oct 18 2016 

I tested the latest ToT (56.0.2890.0) with both Android M (Nexus 5) and Android N (Nexus 6P). It behaves the same and I see the exception.

10-17 18:32:35.497 19067 19067 I chromium: [INFO:CONSOLE(0)] "Uncaught (in promise) InvalidStateError: Could not establish connection to the credential manager.", source: https://www.kayak.com/flightreservation?searchID=trACDwn281&resultID=80cf4bfa4159ec43e5086da8943316f6&clickId=9cqJ4vp6ML1BR2KwwKP7Mw&subOptId=E-105a2f676c1&ProvidedByCode=23&searchTime=0&providerCode=U2&NumAdults=1&NumChildren=0&NumInfantsLap=0&Cabin=Economy (0)


CredentialManagerClient::from()
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/credentialmanager/CredentialManagerClient.cpp?rcl=0&l=38
return 0,  provideCredentialManagerClientTo()
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/credentialmanager/CredentialManagerClient.cpp?rcl=0&l=43
is never called.

Comment 7 by ti...@chromium.org, Oct 18 2016

Cc: mkwst@chromium.org boliu@chromium.org
Owner: timvolod...@chromium.org
Status: Assigned (was: Unconfirmed)
Assigning to timvolodine@ who dealt with Issue 589829, please feel free to reassign back to me if you feel it is wrong.

Comment 8 by k...@kayak.com, Oct 18 2016 

FYI, this is what I see on Android 5.1 w/ the same Webview version and same Chrome version (latest off app store)
Screen Shot 2016-10-18 at 9.45.05 AM.png
480 KB View Download
Screen Shot 2016-10-18 at 9.56.33 AM.png
114 KB View Download

Comment 9 by k...@kayak.com, Oct 18 2016 

There are some errors in the console, but nothing related to the credential manager

Comment 10 by timvolod...@chromium.org, Oct 18 2016 

perhaps better to address to mkwst@ who is familiar with credential manager api

Comment 11 by k...@kayak.com, Feb 3 2017 

FYI, we're pulling out Credentials Manager support for now until it functions better.

Please test w/ all the different Android webviews and fallback gracefully.  FWIW, it does work fine w/ Chrome Custom tabs, but we can't use them because we need to inject a few cookies to synchronize the Android app session w/ the CCT user (which apparently you guys think is a security hole, so it won't be supported by CCT so we can't use CCT either)-:

Comment 12 by robert.k...@bestbuy.com, Mar 21 2017 

Starting in Android 7.0, the component is no longer the older Android WebView but rather is now Chrome itself. See https://developer.android.com/about/versions/nougat/android-7.0.html.

The Chrome app on Android 7.0 does not exhibit the problem when accessing a website. The problem is only with a Chrome-based WebView accessing the same website.

Sign in to add a comment