Discussion:
[chromium-dev] Chrome Dev 69 - Trusted web activity - Digital assets link validation for intranet/private web app seem to be failing
AnandT
2018-08-08 15:29:58 UTC
Permalink
Should the website accessed as "Trusted Web activity" be in public domain?


I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to

1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome Dev
69 and Google play services - 12.8.74.

When I run the application, everything works fine except hiding the address
bar, which makes it as a regular custom tab and not the "Trusted web"
content.

I don't see any error in the log and not sure how to debug this scenario.
Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/aeaa99e7-2b08-4e4b-8093-3802f036d378%40chromium.org.
Dominick Ng
2018-08-09 01:07:14 UTC
Permalink
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this scenario.
Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/8f7652ef-f28e-43e1-84d2-eadd5a995bec%40chromium.org.
Bernhard Bauer
2018-08-09 08:46:37 UTC
Permalink
Ah yes, Chrome currently uses the Digital Asset Links REST API
<https://developers.google.com/digital-asset-links/reference/rest/> provided
by Google to verify links, which means the origin needs to be publicly
accessible. That being said, something I've been considering for a while is
to just directly fetch the statement in Chrome, which would solve this use
case.

Bernhard.
Post by Dominick Ng
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this scenario.
Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAAAptOxFfSDf49v8An0KYDpqqNKru37kk-5V%2B%2BP1MeRfrOOx9g%40mail.gmail.com.
Bernhard Bauer
2018-08-09 14:08:47 UTC
Permalink
Thanks for the response Bernhard. That would great and will make it inline
with how Chrome evaluates sites PWA criteria by itself. Is that something
we can expect in Chrome 69 stable or some future Beta releases?
We might be able to get this in for Chrome 70, which is also the earliest
milestone where TWAs might be available on Stable (we can't promise that
though, sorry).
I'm willing to help on this regard in creating request, testing or making
the change itself if I can get some inputs.
Verifying the TWA criteria in Chrome itself will be a lifesaving solution
for our enterprise - *The Home Depot*(and understandably many others
too). We are having* 20k plus Android Enterprise phones(Motorola TC70)
running Android 4.4 with Webview - Chromium v33* and stuck with that for
different dependencies.
PWA packed in native app as TWA is the best solution we got to selectively
upgrade applications. But got stuck with this one last step.
Yeah, updateability is definitely one of the reasons for us to support
TWAs. Thanks for letting us know!

Bernhard.
Thanks,
Anand
404-451-1451
Post by Bernhard Bauer
Ah yes, Chrome currently uses the Digital Asset Links REST API
<https://developers.google.com/digital-asset-links/reference/rest/> provided
by Google to verify links, which means the origin needs to be publicly
accessible. That being said, something I've been considering for a while is
to just directly fetch the statement in Chrome, which would solve this use
case.
Bernhard.
Post by Dominick Ng
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this
scenario. Any help on this is appreciated.
--
--
Post by Bernhard Bauer
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to a topic in the
Post by Bernhard Bauer
Google Groups "Chromium-dev" group.
To unsubscribe from this topic, visit
https://groups.google.com/a/chromium.org/d/topic/chromium-dev/Ki3TZIGfmTY/unsubscribe
.
To unsubscribe from this group and all its topics, send an email to
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAAAptOxFfSDf49v8An0KYDpqqNKru37kk-5V%2B%2BP1MeRfrOOx9g%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAAAptOxFfSDf49v8An0KYDpqqNKru37kk-5V%2B%2BP1MeRfrOOx9g%40mail.gmail.com?utm_medium=email&utm_source=footer>
.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAAAptOz-9vOL%3D99WdKaJbJbTB0sf5ZKk4sk5rCG9CgapKGhKig%40mail.gmail.com.
AnandT
2018-09-06 18:24:05 UTC
Permalink
Hi Bernhard,
Any plans to move assets validation to browser side to support private web
apps? It would help huge pile of old Android Enterprise devices out there,
including our 20K devices.

Would be happy to know if there is any workaround or alternate options to
wrap our PWA and distribute to enterprise devices. Since these devices are
enterprise managed, we can do some outside app settings if required.

Thanks,
Anand
Post by Bernhard Bauer
Ah yes, Chrome currently uses the Digital Asset Links REST API
<https://developers.google.com/digital-asset-links/reference/rest/> provided
by Google to verify links, which means the origin needs to be publicly
accessible. That being said, something I've been considering for a while is
to just directly fetch the statement in Chrome, which would solve this use
case.
Bernhard.
Post by Dominick Ng
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this
scenario. Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/e9742cc7-30ca-4fcd-882e-313fe867a1f0%40chromium.org.
Bernhard Bauer
2018-09-07 10:20:13 UTC
Permalink
Hi Anand,

we ran into some issues that need to be fixed before TWAs will launch on
stable. Chrome 71 is the earliest release now, but again we can't actually
promise a fixed date. I think it should be feasible to implement native
validation before we launch TWAs -- right, Peter?

Bernhard.
Post by AnandT
Hi Bernhard,
Any plans to move assets validation to browser side to support private web
apps? It would help huge pile of old Android Enterprise devices out there,
including our 20K devices.
Would be happy to know if there is any workaround or alternate options to
wrap our PWA and distribute to enterprise devices. Since these devices are
enterprise managed, we can do some outside app settings if required.
Thanks,
Anand
Post by Bernhard Bauer
Ah yes, Chrome currently uses the Digital Asset Links REST API
<https://developers.google.com/digital-asset-links/reference/rest/> provided
by Google to verify links, which means the origin needs to be publicly
accessible. That being said, something I've been considering for a while is
to just directly fetch the statement in Chrome, which would solve this use
case.
Bernhard.
Post by Dominick Ng
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this
scenario. Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAAAptOwXoM2uM%3D-GYDv6Zv6Vu3URoGmwQcUhr0c0OekBZicK%2Bw%40mail.gmail.com.
AnandT
2018-09-07 17:54:40 UTC
Permalink
Thanks for the update Bernhard.
We are fine using this feature in Chrome Beta/Canary as well if we could
get the TWA validation native in browser.
Post by Bernhard Bauer
Hi Anand,
we ran into some issues that need to be fixed before TWAs will launch on
stable. Chrome 71 is the earliest release now, but again we can't actually
promise a fixed date. I think it should be feasible to implement native
validation before we launch TWAs -- right, Peter?
Bernhard.
Post by AnandT
Hi Bernhard,
Any plans to move assets validation to browser side to support private
web apps? It would help huge pile of old Android Enterprise devices out
there, including our 20K devices.
Would be happy to know if there is any workaround or alternate options to
wrap our PWA and distribute to enterprise devices. Since these devices are
enterprise managed, we can do some outside app settings if required.
Thanks,
Anand
Post by Bernhard Bauer
Ah yes, Chrome currently uses the Digital Asset Links REST API
<https://developers.google.com/digital-asset-links/reference/rest/> provided
by Google to verify links, which means the origin needs to be publicly
accessible. That being said, something I've been considering for a while is
to just directly fetch the statement in Chrome, which would solve this use
case.
Bernhard.
Post by Dominick Ng
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with
SHA256 fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this
scenario. Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/6a224634-5e3f-4cce-b202-6d365139f154%40chromium.org.
Sam
2018-12-07 20:25:34 UTC
Permalink
Is TWA validation going to happen in browser to support offline browser?
Any scope for private/enterprise web apps which needs this feature?
Post by Bernhard Bauer
Ah yes, Chrome currently uses the Digital Asset Links REST API
<https://developers.google.com/digital-asset-links/reference/rest/> provided
by Google to verify links, which means the origin needs to be publicly
accessible. That being said, something I've been considering for a while is
to just directly fetch the statement in Chrome, which would solve this use
case.
Bernhard.
Post by Dominick Ng
+TWA folks.
Post by AnandT
Should the website accessed as "Trusted Web activity" be in public domain?
I've followed this doc
<https://developers.google.com/web/updates/2017/10/using-twa> to
1. Create a wrapper Android app based on this sample project
<https://github.com/GoogleChrome/custom-tabs-client/tree/master/svgomg> for
my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256
fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome
Dev 69 and Google play services - 12.8.74.
When I run the application, everything works fine except hiding the
address bar, which makes it as a regular custom tab and not the "Trusted
web" content.
I don't see any error in the log and not sure how to debug this
scenario. Any help on this is appreciated.
--
--
Chromium Developers mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev+***@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/9199eb97-0283-4404-99e6-09403ed22703%40chromium.org.
Loading...