I’m having several issues implementing OIDC/OAuth2 authentication in my app. The authentication process fails at the callback (app.immich:///oauth-callback) from the browser to my app. I’ve tried different browsers, and none of them work correctly.
Do you know what I’m doing wrong and how I should implement this authentication?
Why could Angelfish miss the callback (no useful logs when it is started from the terminal with stdout), and maybe AppSupport can register my link handler?
Details:
Desktop File
[Desktop Entry]
Type=Application
X-Nemo-Application-Type=silica-qt5
Icon=sailmich
MimeType=x-scheme-handler/app.immich;
Exec=sailmich %u
Name=Sailmich
[X-Sailjail]
# tried with sailjail too
Sandboxing=Disabled
MIME Type
xdg-open app.immich:///oauth-callback works correctly
Browsers:
Jolla Browser
The Authentik page doesn’t even display. But a manually entered link “app.immich:///oauth-callback” successfully redirects to my app.
Angelfish
Successful login, but no response to the app callback. A manually entered link doesn’t redirect to the app.
Firefox (Fennec FDroid) and Chrome (Google Play) AppSupport
Successful login, but only redirects to the Android app (immich Android client). Tried restarting and jailbreaking the app – no luck. A manually entered link works only with the Android app.
Am I wrong or is there a “;” at the end of app.immich? Is that supposed to be there?
EDIT: Looking at the doc:
“MimeType=x-scheme-handler/http” which registers handler for a url scheme, or
“MimeType=x-url-handler/” as special case for registering http(s) url handler for a specific hostname, e.g. if there’s an application created for a specific web service.
it appears the second one might be better suited for your use case? Though I must admit, linking a Mime type over a hostname seems… unkosher…
Angelfish doesn’t detect my handler, or ignores it altogether.
Android browsers don’t detect my handler.
x-scheme-handler works in the Jolla browser. Redirection occurs correctly when using Google authentication, but only after restarting the browser. Authentik doesn’t even display the password entry page. I think this is an issue with the old browser engine.
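The desktop entry discussed in this thread, checked against the OAuth redirect URI, as an added example that is not part of any post here: it parses the entry, lists the URL schemes it registers (a trailing `;` is the optional terminator of the `MimeType` list in the Desktop Entry format), and confirms that `Exec` passes the URL on. The sample file is constructed from the one posted above, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the desktop file posted in the thread.
SAMPLE_DESKTOP = """\
[Desktop Entry]
Type=Application
X-Nemo-Application-Type=silica-qt5
Icon=sailmich
MimeType=x-scheme-handler/app.immich;
Exec=sailmich %u
Name=Sailmich

[X-Sailjail]
Sandboxing=Disabled
"""

def parse_desktop(text):
    """Return {group: {key: value}}; keys are case-sensitive, '#' lines are comments."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = groups.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return groups

def registered_schemes(entry):
    """MimeType is a ';'-separated list, so a trailing ';' adds no extra item."""
    mimes = [m for m in entry.get("MimeType", "").split(";") if m]
    prefix = "x-scheme-handler/"
    return [m[len(prefix):].lower() for m in mimes if m.startswith(prefix)]

def check_redirect(desktop_text, redirect_uri):
    """Return a list of problems; an empty list means the entry can receive the URI."""
    entry = parse_desktop(desktop_text).get("Desktop Entry", {})
    scheme = urlsplit(redirect_uri).scheme.lower()
    problems = []
    if scheme not in registered_schemes(entry):
        problems.append(f"no x-scheme-handler/{scheme} in MimeType")
    if not any(code in entry.get("Exec", "") for code in ("%u", "%U")):
        problems.append("Exec has no %u/%U field code, so the URL is not passed")
    return problems
```

This checks only the desktop entry itself, not whether a particular browser consults the system handler registry when it follows the redirect.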