From f1cfb3c59265246e7a10124613baad66d92d4d5f Mon Sep 17 00:00:00 2001
From: Francesco-Voto <francesco.voto@nearform.com>
Date: Fri, 7 Nov 2025 15:43:52 +0100
Subject: [PATCH 1/3] build: update androidx.browser:browser

---
 packages/react-native-app-auth/android/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/react-native-app-auth/android/build.gradle b/packages/react-native-app-auth/android/build.gradle
index 9aab5651..b59da93d 100644
--- a/packages/react-native-app-auth/android/build.gradle
+++ b/packages/react-native-app-auth/android/build.gradle
@@ -62,5 +62,5 @@ dependencies {
     //noinspection GradleDynamicVersion
     implementation 'com.facebook.react:react-native:+'  // From node_modules
     implementation 'net.openid:appauth:0.11.1'
-    implementation 'androidx.browser:browser:1.4.0'
+    implementation 'androidx.browser:browser:1.9.0'
 }

From aba037058024e26cfa842cc73fcd784436ed7434 Mon Sep 17 00:00:00 2001
From: Francesco-Voto <francesco.voto@nearform.com>
Date: Fri, 7 Nov 2025 15:53:03 +0100
Subject: [PATCH 2/3] feat: add epehemral to android

---
 docs/docs/usage/config.md                          |  1 +
 .../main/java/com/rnappauth/RNAppAuthModule.java   | 14 +++++++++-----
 packages/react-native-app-auth/index.d.ts          |  1 +
 packages/react-native-app-auth/index.js            |  2 ++
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/docs/docs/usage/config.md b/docs/docs/usage/config.md
index 47570aef..989690c0 100644
--- a/docs/docs/usage/config.md
+++ b/docs/docs/usage/config.md
@@ -48,6 +48,7 @@ See specific example [configurations for your provider](/docs/category/providers
 - **skipCodeExchange** - (`boolean`) (default: false) just return the authorization response, instead of automatically exchanging the authorization code. This is useful if this exchange needs to be done manually (not client-side)
 - **iosCustomBrowser** - (`string`) (default: undefined) _IOS_ override the used browser for authorization, used to open an external browser. If no value is provided, the `ASWebAuthenticationSession` or `SFSafariViewController` are used by the `AppAuth-iOS` library.
 - **iosPrefersEphemeralSession** - (`boolean`) (default: `false`) _IOS_ indicates whether the session should ask the browser for a private authentication session.
+-**androidPrefersEphemeralSession** - (`boolean`) (default: `false`) _ANDROID_ indicates whether the session should ask the browser for a private authentication session.
 - **androidAllowCustomBrowsers** - (`string[]`) (default: undefined) _ANDROID_ override the used browser for authorization. If no value is provided, all browsers are allowed.
 - **androidTrustedWebActivity** - (`boolean`) (default: `false`) _ANDROID_ Use [`EXTRA_LAUNCH_AS_TRUSTED_WEB_ACTIVITY`](https://developer.chrome.com/docs/android/trusted-web-activity/) when opening web view.
 - **connectionTimeoutSeconds** - (`number`) configure the request timeout interval in seconds. This must be a positive number. The default values are 60 seconds on iOS and 15 seconds on Android.
diff --git a/packages/react-native-app-auth/android/src/main/java/com/rnappauth/RNAppAuthModule.java b/packages/react-native-app-auth/android/src/main/java/com/rnappauth/RNAppAuthModule.java
index dd35442d..19f26ff0 100644
--- a/packages/react-native-app-auth/android/src/main/java/com/rnappauth/RNAppAuthModule.java
+++ b/packages/react-native-app-auth/android/src/main/java/com/rnappauth/RNAppAuthModule.java
@@ -243,6 +243,7 @@ public void authorize(
             final ReadableMap customHeaders,
             final ReadableArray androidAllowCustomBrowsers,
             final boolean androidTrustedWebActivity,
+            final boolean androidPrefersEphemeralSession,
             final Promise promise) {
         this.parseHeaderMap(customHeaders);
         final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests,
@@ -277,7 +278,8 @@ public void authorize(
                         useNonce,
                         usePKCE,
                         additionalParametersMap,
-                        androidTrustedWebActivity);
+                        androidTrustedWebActivity,
+                        androidPrefersEphemeralSession);
             } catch (ActivityNotFoundException e) {
                 promise.reject("browser_not_found", e.getMessage());
             } catch (Exception e) {
@@ -308,7 +310,8 @@ public void onFetchConfigurationCompleted(
                                         useNonce,
                                         usePKCE,
                                         additionalParametersMap,
-                                        androidTrustedWebActivity);
+                                        androidTrustedWebActivity,
+                                        androidPrefersEphemeralSession);
                             } catch (ActivityNotFoundException e) {
                                 promise.reject("browser_not_found", e.getMessage());
                             } catch (Exception e) {
@@ -660,7 +663,8 @@ private void authorizeWithConfiguration(
             final Boolean useNonce,
             final Boolean usePKCE,
             final Map<String, String> additionalParametersMap,
-            final Boolean androidTrustedWebActivity) {
+            final Boolean androidTrustedWebActivity,
+            final Boolean androidPrefersEphemeralSession) {
 
         String scopesString = null;
 
@@ -731,8 +735,8 @@ private void authorizeWithConfiguration(
             AuthorizationService authService = new AuthorizationService(context, appAuthConfiguration);
 
             CustomTabsIntent.Builder intentBuilder = authService.createCustomTabsIntentBuilder();
-            CustomTabsIntent customTabsIntent = intentBuilder.build();
-
+            CustomTabsIntent customTabsIntent = intentBuilder.setEphemeralBrowsingEnabled(androidPrefersEphemeralSession).build();
+            
             if (androidTrustedWebActivity) {
                 customTabsIntent.intent.putExtra(TrustedWebUtils.EXTRA_LAUNCH_AS_TRUSTED_WEB_ACTIVITY, true);
             }
diff --git a/packages/react-native-app-auth/index.d.ts b/packages/react-native-app-auth/index.d.ts
index 0c59626f..113294b3 100644
--- a/packages/react-native-app-auth/index.d.ts
+++ b/packages/react-native-app-auth/index.d.ts
@@ -89,6 +89,7 @@ export type AuthConfiguration = BaseAuthConfiguration & {
     | 'samsungCustomTab'
   )[];
   androidTrustedWebActivity?: boolean;
+  androidPrefersEphemeralSession?: boolean;
   iosPrefersEphemeralSession?: boolean;
 };
 
diff --git a/packages/react-native-app-auth/index.js b/packages/react-native-app-auth/index.js
index 7b8f4a4a..5860e6ee 100644
--- a/packages/react-native-app-auth/index.js
+++ b/packages/react-native-app-auth/index.js
@@ -214,6 +214,7 @@ export const authorize = ({
   androidTrustedWebActivity = false,
   connectionTimeoutSeconds,
   iosPrefersEphemeralSession = false,
+  androidPrefersEphemeralSession = false
 }) => {
   validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
   validateClientId(clientId);
@@ -243,6 +244,7 @@ export const authorize = ({
     nativeMethodArguments.push(customHeaders);
     nativeMethodArguments.push(androidAllowCustomBrowsers);
     nativeMethodArguments.push(androidTrustedWebActivity);
+    nativeMethodArguments.push(androidPrefersEphemeralSession);
   }
 
   if (Platform.OS === 'ios') {

From b3be03295eb4c37100fd5c1da86dceab7b97cebe Mon Sep 17 00:00:00 2001
From: Francesco-Voto <francesco.voto@nearform.com>
Date: Fri, 7 Nov 2025 16:23:41 +0100
Subject: [PATCH 3/3] test: update tests

---
 packages/react-native-app-auth/index.spec.js | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/packages/react-native-app-auth/index.spec.js b/packages/react-native-app-auth/index.spec.js
index 7ed3ba19..7800a6db 100644
--- a/packages/react-native-app-auth/index.spec.js
+++ b/packages/react-native-app-auth/index.spec.js
@@ -69,6 +69,7 @@ describe('AppAuth', () => {
     iosPrefersEphemeralSession: true,
     androidAllowCustomBrowsers: ['chrome'],
     androidTrustedWebActivity: false,
+    androidPrefersEphemeralSession: true
   };
 
   const registerConfig = {
@@ -745,7 +746,8 @@ describe('AppAuth', () => {
             false,
             config.customHeaders,
             config.androidAllowCustomBrowsers,
-            config.androidTrustedWebActivity
+            config.androidTrustedWebActivity,
+            config.androidPrefersEphemeralSession
           );
         });
       });
@@ -769,7 +771,8 @@ describe('AppAuth', () => {
             false,
             config.customHeaders,
             config.androidAllowCustomBrowsers,
-            config.androidTrustedWebActivity
+            config.androidTrustedWebActivity,
+            config.androidPrefersEphemeralSession
           );
         });
 
@@ -791,7 +794,8 @@ describe('AppAuth', () => {
             false,
             config.customHeaders,
             config.androidAllowCustomBrowsers,
-            config.androidTrustedWebActivity
+            config.androidTrustedWebActivity,
+            config.androidPrefersEphemeralSession
           );
         });
 
@@ -813,7 +817,8 @@ describe('AppAuth', () => {
             true,
             config.customHeaders,
             config.androidAllowCustomBrowsers,
-            config.androidTrustedWebActivity
+            config.androidTrustedWebActivity,
+            config.androidPrefersEphemeralSession
           );
         });
       });
@@ -844,7 +849,8 @@ describe('AppAuth', () => {
             false,
             customHeaders,
             config.androidAllowCustomBrowsers,
-            config.androidTrustedWebActivity
+            config.androidTrustedWebActivity,
+            config.androidPrefersEphemeralSession
           );
         });
       });