package main

import (
	"embed"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"html/template"
	"log"
	"net/http"
	"net/url"
	"strconv"
	"strings"
)

// loginFS holds login.html, compiled into the binary by the go:embed
// directive below. The directive must stay immediately above the var line;
// only blank lines and // comments may sit between them.
//
//go:embed login.html
var loginFS embed.FS

// loginTmpl is login.html parsed once at package initialisation.
// template.Must panics if parsing fails, so a broken template stops the
// program at start-up instead of surfacing on the first request. The parser
// is html/template, which escapes interpolated values according to the HTML
// context they appear in.
var loginTmpl = template.Must(template.ParseFS(loginFS, "login.html"))

// oauthRedirectTmpl drives the fbconnect:// hand-off via a renderer-initiated
// navigation instead of a server-side 302. Android WebView does NOT invoke
// WebViewClient.shouldOverrideUrlLoading for 302 redirects from POST form
// submissions to non-http schemes (documented Chromium WebView limitation,
// Stack Overflow #6738328 / Google issuetracker #36918490). Returning a 200
// HTML page with both a meta refresh tag and window.location.replace()
// makes the cross-scheme navigation renderer-initiated, which DOES invoke
// shouldOverrideUrlLoading, so the FB SDK can extract access_token from the
// URL fragment and complete its login flow. html/template auto-escapes {{.}}
// correctly for the meta URL-attribute context and the JS string-literal
// context inside