[firebase_dynamic_links] queryParameters added to generated ShortDynamicLink are not received in FirebaseDynamicLinks.instance.onLink callback about flutterfire HOT 12 CLOSED

I'm going to try to check this this week.

EDIT: Finally I will be able to check this next week: September 23-29

from flutterfire.

I've checked on iOS and Android and I was able to retrieve the whole link with query params included.

Can you try to build the dynamic link via Firebase console to verify it is not a problem on the creation process?

from flutterfire.

Hi,
This is happening when a parameters is added to the ShortLinkURL, AFTER it has been generated.
Aka
a) Generate/Create a ShortDynamicLink.trasform it to a URI.
b) Take that URI and add some additional parameters. In my case it was going to be a more secure list id.
c) On receivers phone, when a user clicks on this "updated" URI ..the app gets launched, BUT these additional fields are not there, though no reason for them to be passed along.

from flutterfire.

@simpleapps4goodlife

Why are you adding the query params to the short link generated? I think that is not the way to go, you should pass the query params to the link before the short link is generated so Firebase returns those params in the URL resolved.

You have two ways to generate dynamic links:

• Short link
• Long links: https://firebase.google.com/docs/dynamic-links/create-manually

in both cases you can add query params to the link (in long links you have to URL encode the link in the link query param).

I think this is not a bug, we could add the original link the user clicks to PendingDynamicLinkData structure as a feature request, but I do not see any use case in which this is needed so I think we should not make the effort.

from flutterfire.

Thanks for quick response.
Here is the context:
I needed to make the link secure. I had a shared secret token which in short link was turning into 5-6 character token and was worried about it being hacked.

After creating this bug I found out about this attribute and started using that.
dynamicLinkParametersOptions: DynamicLinkParametersOptions(
shortDynamicLinkPathLength: ShortDynamicLinkPathLength.unguessable,
),

However I was still not sure if it was secure enough. As the new token though longer was around 17 characters (128 bit + 1 byte checksum?) so, I left the bug/feature request open in hope of being able to add additional longer token at end to be, doubly sure.

https://*.page.link/thPML8T8T9wqOers7

I will depend on your judgement about if it is secure enough to mark this issue close.
Thanks.

from flutterfire.

@simpleapps4goodlife

Hi, I understand your need to add some kind of security to your application, but I think the layer to do so is not in the link generation which is not secure enough, I think the way to go is once you have the dynamic link handled, combine the work in the app and server side to guarantee the user which is going to use the dynamic link can do the action the dynamic link represents.

I think you are trying to add security in a layer which is pretty issue to skip.

What do you think?

from flutterfire.

Yes.
The dynamics of the app would not allow for the mechanics of doing extra check in the app on receiving end.
Essentially the feature is equivalent to Google Drive feature of "Visible to anyone with the link".

https://drive.google.com/file/d/0BPHW_2QQcDuQc3RhjnRlcl0maWxl/view?usp=sharing

App is sharing a resource among users who otherwise have no handle to each other. Passing of link among them via messaging or email is the only way to permission the sharing of resource between them.

The issue is not a show stopper after I transitioned to "ShortDynamicLinkPathLength.unguessable". I also added extra time checks for validity of shared URL, so am more ok with what I have right now.

There could be alternate solution like adding few more bytes to the link generated to make it crypotgraphically secure. Will leave it to your discretion to close it.

from flutterfire.

Ok, I know understand your use case, I've added an attribute to PendingDynamicLinkData sourceLink with the URL the user clicked which launched the event.

Try this

  firebase_dynamic_links:
    git:
      url: https://github.com/mrmilu/flutterfire.git
      path: packages/firebase_dynamic_links
      ref: firebase_dynamic_links-0.5.0+5

from flutterfire.

Hello @jherencia @simpleapps4goodlife

I am facing the similar issue for passing and fetching query parameters for firebase dynamic links. Can you please answer me at stackoverflow question Here

Any help would be useful.

Thanks.

from flutterfire.

@JayM96 I would like not to spread the information in two channels: stackoverflow and here.

I'd be happy to help if you bring the communication here.

from flutterfire.

@jherencia I have opened an issue in the same package here. So you can answer (#1289)

Thanks for the reply

from flutterfire.

I'm going to close this as it is two major versions removed from latest, and the issue creator no longer exists.

from flutterfire.