androidandroid-webviewpayment3d-securebankid

Android: 3d-secure redirect response


I have an Android app where I am processing payments within the app. The payment also requires 3d-secure verification sometimes. So this requires redirecting the user to a webpage where they will be able to make some appropriate actions: Such as entering a code or such. In my case, the app is targeted towards Swedish users and it redirects them to a page where they must open another "bank ID" app, either on the same device or another, to perform this verification.

On our iOS app this feature works as expected. Once the user has performed the verification, the browser receives a callback which can then be used to update the app accordingly, but on Android, the WebView I am using is not notified. So I am unable, so far, to handle the user-verification event.

Does anybody have experience with this or any similar use-case? Any help is appreciated.


Solution

  • We have experienced a similar issue with Nordea's 3D Secure page in an Android WebView. It came down to the page trying to access local storage. We added the code below to the app to get it to work:

    mWebView.getSettings().setDomStorageEnabled(true);
    mWebView.getSettings().setDatabaseEnabled(true);
    
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
      mWebView.getSettings().setDatabasePath("/data/data/" + 
        mWebView.getContext().getPackageName() + "/databases/");
    }
    
    mWebView.setWebViewClient(new WebViewClient(){
      @Override
      public boolean shouldOverrideUrlLoading(WebView view, String url) {
        if(url.startsWith("intent:")){
          Intent intent = new Intent();
          intent.setPackage("com.bankid.bus");
          intent.setAction(Intent.ACTION_VIEW);
          intent.addCategory(Intent.CATEGORY_BROWSABLE);
          intent.addCategory(Intent.CATEGORY_DEFAULT);
          intent.setType("bankid");
          intent.setData(Uri.parse("bankid://www.bankid.com?redirect=null")) ;
          startActivityForResult(intent, 0);
          return true;
        }
    
        // your existing override code goes here probably "return false"  
        // to stop webview redirects to browser.
      }
    });
    mWebView.loadUrl(url);