PM-26577: Feat: Support multiple schemes for Duo, WebAuthn, and SSO callbacks#6339

Merged: david-livefront merged 1 commit into main from PM-26577-app-links-support on Jun 1, 2026


@david-livefront david-livefront commented Jan 8, 2026

🎟️ Tracking

PM-26577

📔 Objective

This PR updates the Duo and WebAuthn logic to send the appropriate deeplink scheme data.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@david-livefront david-livefront added the ai-review Request a Claude code review label Jan 8, 2026
@github-actions github-actions Bot added app:password-manager Bitwarden Password Manager app context app:authenticator Bitwarden Authenticator app context t:misc Change Type - ¯\_(ツ)_/¯ and removed ai-review Request a Claude code review labels Jan 8, 2026
.getEncoder()
.encodeToString(json.toString().toByteArray(Charsets.UTF_8))
val parentParam = URLEncoder.encode(CALLBACK_URI, "UTF-8")
val parentParam = URLEncoder.encode(callbackUri, "UTF-8")
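Review bot: In the `parentParam` line, the encoded value changes from the constant `CALLBACK_URI` to a `callbackUri` that is supplied from outside these lines, and nothing visible documents what it must contain. Since the value now depends on the caller, add a KDoc line on that parameter stating that it is the callback URL for the active scheme, and cover an `https://` value in a unit test so the percent-encoding of `:` and `/` in the parent parameter is pinned down.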
Collaborator Author

This parent param is required by the WebAuthn Connector but it does not really use the value.

I have an open question about what I should be sending here.

@david-livefront david-livefront added the ai-review Request a Claude code review label Jan 8, 2026

codecov Bot commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.43%. Comparing base (fa219f6) to head (5ccc8a8).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6339      +/-   ##
==========================================
- Coverage   86.66%   86.43%   -0.23%     
==========================================
  Files         901      876      -25     
  Lines       64860    63893     -967     
  Branches     9260     9248      -12     
==========================================
- Hits        56211    55229     -982     
- Misses       5464     5480      +16     
+ Partials     3185     3184       -1     
| Flag | Coverage Δ |
| --- | --- |
| app-data | 17.45% <100.00%> (+0.20%) ⬆️ |
| app-ui-auth-tools | 18.97% <30.00%> (+0.14%) ⬆️ |
| app-ui-platform | 16.44% <0.00%> (+0.03%) ⬆️ |
| app-ui-vault | 27.73% <0.00%> (-0.57%) ⬇️ |
| authenticator | 6.20% <0.00%> (+<0.01%) ⬆️ |
| lib-core-network-bridge | 4.07% <0.00%> (-0.01%) ⬇️ |
| lib-data-ui | 1.14% <10.00%> (-0.01%) ⬇️ |


@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 795738e to 60679da Compare January 8, 2026 21:53
@github-actions github-actions Bot removed the ai-review Request a Claude code review label Jan 8, 2026
@david-livefront david-livefront changed the title PM-26577: Support multiple schemes for Duo and WebAuthn callbacks PM-26577: Support multiple schemes for Duo, WebAuthn, and SSO callbacks Jan 8, 2026

github-actions Bot commented Jan 8, 2026

Checkmarx One – Scan Summary & Details (0319e43d-3ecf-4f86-abef-2d9d0b2ab80d)

Great job! No new security vulnerabilities introduced in this pull request

@david-livefront david-livefront added the ai-review Request a Claude code review label Jan 8, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 60679da to fc73da8 Compare January 8, 2026 23:21
@github-actions github-actions Bot removed the ai-review Request a Claude code review label Jan 8, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from fc73da8 to 1174c47 Compare January 9, 2026 15:10
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 1174c47 to d702bbf Compare January 26, 2026 18:49
@github-actions github-actions Bot removed the t:misc Change Type - ¯\_(ツ)_/¯ label Jan 26, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch 3 times, most recently from ffb771d to 375d447 Compare February 6, 2026 16:47
@david-livefront david-livefront added t:feature-tool Change Type - Internal tool feature or enhancement ai-review Request a Claude code review labels Feb 6, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 375d447 to 3e821aa Compare February 6, 2026 16:50
@github-actions github-actions Bot removed the t:feature-tool Change Type - Internal tool feature or enhancement label Feb 6, 2026

claude Bot commented Feb 6, 2026

Claude finished @david-livefront's task in 4m 20s


Code Review Summary

PR: PM-26577: Support multiple schemes for Duo, WebAuthn, and SSO callbacks

Overview

This PR activates HTTPS app links for Duo, WebAuthn, and SSO authentication callbacks on known environments (US, EU, Internal), replacing the bitwarden:// custom URI scheme with https:// scheme. Self-hosted environments continue to use the custom scheme. This is a security improvement -- HTTPS app links with autoVerify="true" are resistant to scheme hijacking compared to custom URI schemes.

Changes Reviewed

| File | Change |
| --- | --- |
| AndroidManifest.xml | Added bitwarden.pw host for Internal environment app link verification |
| EnvironmentUrlDataJsonExtensions.kt (app) | Switched US/EU/Internal from CustomScheme to HttpsScheme with correct host/path mappings |
| EnvironmentUrlDataJsonExtensions.kt (data) | Returns "https" for US/EU/Internal appLinksScheme |
| AuthRepositoryTest.kt | Updated DEEPLINK_SCHEME from "bitwarden" to "https" |
| EnvironmentUrlDataJsonExtensionsTest.kt (app) | Updated all assertions to use HttpsScheme with correct hosts |
| EnvironmentUrlsDataJsonExtensionsTest.kt (data) | Updated expected scheme to "https" for US/EU/Internal |
| EnterpriseSignOnViewModelTest.kt | Updated SSO AuthTabData expectations |
| TwoFactorLoginViewModelTest.kt | Updated Duo and WebAuthn AuthTabData expectations |

Findings

No new issues found in this PR's changed code.

| Category | Status |
| --- | --- |
| Security | HTTPS app links improve security over custom URI schemes |
| Correctness | Environment-to-host mapping is correct (US=bitwarden.com, EU=bitwarden.eu, Internal=bitwarden.pw) |
| Manifest | Intent filter with autoVerify="true" correctly lists all three hosts and path patterns |
| Backward Compat | Self-hosted environments retain bitwarden:// custom scheme -- no breaking change |
| Test Coverage | All environment types and callback kinds (duo, webauthn, sso) covered; Codecov confirms 100% on modified lines |
| Model correctness | HttpsScheme.callbackUrl computes as "https://$host/$path" (e.g., https://bitwarden.com/duo-callback) |
| TODO cleanup | All // TODO: PM-26577 comments properly removed |

Pre-existing Issue (not in this PR's diff)

⚠️ IntentManagerImpl.kt line 97 on main still contains "\\${authTabData.path}" which produces a backslash-prefixed path (e.g., \duo-callback instead of /duo-callback). This was introduced in PM-31953 and has an existing unresolved thread on this PR.

This matters for this PR because it activates the HttpsScheme code path for US/EU/Internal environments for the first time. On devices that support AuthTab, AuthTabIntent.launch() will receive \duo-callback instead of /duo-callback, which may break authentication redirect verification. The fix is to change "\\" to "/" in IntentManagerImpl.kt:97. This should be addressed before or alongside merging.


Reviewed by Claude Code -- Re-review after rebase onto main (bb33db6). No issues in the PR diff itself.
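
As an added illustration (not code from the Bitwarden repository or from the review above), this sketch models the environment-to-callback mapping the review describes and an exact scheme/host/path match on the returned redirect. The helpers `authTabDataFor` and `isExpectedCallback`, the class bodies, and the sample redirects are assumptions; it uses `java.net.URI` so it runs on a plain JVM rather than on Android.

```kotlin
import java.net.URI
import java.net.URISyntaxException

// Illustrative model: names follow the review text above, bodies are assumptions.
enum class Environment { US, EU, INTERNAL, SELF_HOSTED }

sealed interface AuthTabData {
    val callbackUrl: String
    data class CustomScheme(override val callbackUrl: String) : AuthTabData
    data class HttpsScheme(val host: String, val path: String) : AuthTabData {
        override val callbackUrl: String get() = "https://$host/$path"
    }
}

// Hypothetical helper; kind is "duo", "webauthn" or "sso".
fun authTabDataFor(env: Environment, kind: String): AuthTabData = when (env) {
    Environment.US -> AuthTabData.HttpsScheme("bitwarden.com", "$kind-callback")
    Environment.EU -> AuthTabData.HttpsScheme("bitwarden.eu", "$kind-callback")
    Environment.INTERNAL -> AuthTabData.HttpsScheme("bitwarden.pw", "$kind-callback")
    Environment.SELF_HOSTED -> AuthTabData.CustomScheme("bitwarden://$kind-callback")
}

// Accept a redirect only when scheme, host and path equal the expected callback exactly.
// The query string, which carries the authentication result, is not compared.
fun isExpectedCallback(expected: AuthTabData, received: String): Boolean {
    val want = URI(expected.callbackUrl)
    val got = try { URI(received) } catch (e: URISyntaxException) { return false }
    return got.scheme.equals(want.scheme, ignoreCase = true) &&
        got.host.equals(want.host, ignoreCase = true) &&
        got.userInfo == null && got.port == -1 &&
        got.path.orEmpty() == want.path.orEmpty()
}

fun main() {
    val duo = authTabDataFor(Environment.US, "duo") as AuthTabData.HttpsScheme
    println(duo.callbackUrl)
    // Constructed sample redirects, one per case.
    val samples = listOf(
        "https://bitwarden.com/duo-callback?code=abc&state=xyz", // exact match
        "https://${duo.host}\\${duo.path}?code=abc",             // backslash join from the review
        "https://bitwarden.com.example.test/duo-callback",       // different host
        "bitwarden://duo-callback?code=abc",                     // custom scheme on an HTTPS environment
    )
    samples.forEach { println("${isExpectedCallback(duo, it)}  $it") }
}
```

Only the first sample is accepted. The backslash-joined form does not parse as a URI, so the check rejects it along with the host and scheme mismatches.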

@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 3e821aa to 64c8a7e Compare February 6, 2026 20:46
@david-livefront david-livefront added the t:feature-tool Change Type - Internal tool feature or enhancement label Feb 6, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 64c8a7e to 59c70c1 Compare February 10, 2026 21:02
@github-actions github-actions Bot removed the t:feature-tool Change Type - Internal tool feature or enhancement label Feb 10, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch 2 times, most recently from 9b129e3 to 26c74a3 Compare February 17, 2026 15:58
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 26c74a3 to bb33db6 Compare March 9, 2026 18:21
@david-livefront david-livefront added the t:feature-tool Change Type - Internal tool feature or enhancement label Mar 9, 2026
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from bb33db6 to db7ae1c Compare May 18, 2026 21:04
@github-actions github-actions Bot removed the t:feature-tool Change Type - Internal tool feature or enhancement label May 18, 2026

github-actions Bot commented May 18, 2026

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR completes the planned migration from custom-scheme callbacks (bitwarden://) to HTTPS app links for the predefined US/EU/INTERNAL environments, removing the TODO: PM-26577 markers. AuthTabData.HttpsScheme is now returned by duoAuthTabData, webAuthnAuthTabData, and ssoAuthTabData for those regions, and appLinksScheme returns "https" for them while SELF_HOSTED continues to use the bitwarden scheme. The AuthCallbackActivity intent-filter adds bitwarden.pw alongside bitwarden.com/bitwarden.eu, and the legacy bitwarden://*-callback intent-filters remain in place as a fallback. Unit tests across AuthRepositoryTest, EnvironmentUrlDataJsonExtensionsTest, EnvironmentUrlsDataJsonExtensionsTest, EnterpriseSignOnViewModelTest, and TwoFactorLoginViewModelTest have been updated consistently with the new expectations.

Code Review Details

No findings.

Notes (informational, not blocking):

  • The PR description notes this was on hold pending WebConnector updates; confirm those server-side changes are deployed before this is merged so that Duo/SSO/WebAuthn flows resolve to https://bitwarden.{com,eu,pw}/<kind>-callback correctly.
  • The HTTPS app link behavior depends on Digital Asset Links (assetlinks.json) being served from the three apex hosts so that autoVerify="true" succeeds; this is an operational concern outside the diff.

@david-livefront david-livefront marked this pull request as ready for review May 18, 2026 21:19
@david-livefront david-livefront requested a review from a team as a code owner May 18, 2026 21:19
@david-livefront david-livefront requested a review from vvolkgang May 18, 2026 21:38
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from db7ae1c to 99e58d1 Compare May 21, 2026 16:04
@david-livefront david-livefront force-pushed the PM-26577-app-links-support branch from 99e58d1 to 5ccc8a8 Compare June 1, 2026 14:17
@david-livefront david-livefront changed the title PM-26577: Support multiple schemes for Duo, WebAuthn, and SSO callbacks PM-26577: Feat: Support multiple schemes for Duo, WebAuthn, and SSO callbacks Jun 1, 2026
@github-actions github-actions Bot added the t:feature Change Type - Feature Development label Jun 1, 2026
@david-livefront david-livefront added ai-review-vnext Request a Claude code review using the vNext workflow and removed ai-review Request a Claude code review labels Jun 1, 2026

@vvolkgang vvolkgang left a comment

:shipit:

@david-livefront
Collaborator Author

Thanks @vvolkgang

@david-livefront david-livefront added this pull request to the merge queue Jun 1, 2026
Merged via the queue into main with commit 227359b Jun 1, 2026
30 of 32 checks passed
@david-livefront david-livefront deleted the PM-26577-app-links-support branch June 1, 2026 16:23