Digital asset link verification issue

im working on digital asset link and i always get a fail verification, the requirements are correct as it works in my current hosting.

i am hoping to get the same result here as i plan to transfer hosting providers if i am satisfied. are there issues on the free ssl with regards to verifying digital asset links?

i have placed the .well-known/assetlinks.json file/folder in htdocs.

Hello there,

May I ask what is this “Digital Asset Link” thingy?
Is it this https://developers.google.com/digital-asset-links?

Here are some possible uses for Digital Asset Links:

  • Website A declares that links to its site should open in a designated app on mobile devices, if the app is installed.
  • Website A declares that it can share its Chrome user credentials with website B so that the user won’t have to log in to website B if it is logged into website A.
  • App A declares that it can share device settings, such as location, with website B.

While I’m not sure but I think this is because of the security system. You might want to read this KB article:

3 Likes

hi. yes. that’s the one. the file requirements are all correct, even inside my android app. i have a different hosting site and it works if i use the subdomain or main domain there.

but if i use the subdomain like infinityfreeapp or epizy, verification fails.

my android app actually uses a trustedWebActivity which is a Chrome browser instance so it should not apply to that security restriction. the purpose for this is that the toolbar can be hidden if verification is successful for .well-known/assetlinks.json from the app to this file communication.

or… can an @Admin please confirm this, if it falls under the security restriction?

ok never mind. seems it is not possible since even trying to use postman doesnt work. has to be a web browser that accesses the files no matter what.

Alright.

I have a very limited knowledge of how this Digital Asset Link work so I apologize that I may not be of a help to you, once Admin will be online, he can help you.

As what I understand, your app will be accessing your site and will look for assetlinks.json in your hidden .well-known folder to verify? This is a little bit similar to the file verification method for getting Let’s Encrypt certificates (uploading the file used for verification in the .well-know folder) on web based platforms (like SSLforFree) but the verification will fail as it will be blocked by the security system. So I am wondering how your app checks the file for verification?

Also with the verification issue what error messages do you get? Do you get an Error 403 forbidden or something?

Edit:

Oh ok

1 Like

i have confirmed during testing that the security restriction messes it up. in postman, it returns some message in html code.

in the android app, it returns null.

the output should be a json file.

1 Like

I’m gonna assume it’s something like this:

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("d3c143e907c1d71f78f0018d7dbf3ac7");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://hans.epizy.com/?i=2";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

I guess this thread is now solved.

4 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.