// Native Android leaf recipe for test-only auth bypass deep links using Revyl launch intent extras.
| name | revyl-cli-auth-bypass-android |
| description | Native Android leaf recipe for test-only auth bypass deep links using Revyl launch intent extras. |
Use this leaf skill when revyl-cli-auth-bypass has selected a native Android app. This is app code guidance, not a Revyl authentication shortcut.
For the first-pass setup, start from revyl-cli-auth-bypass; it detects the stack, applies the shared safety contract, and delegates here for Android/Kotlin implementation details.
revyl dev list, screenshots, or reports can answer the question..claude/skills slash-command discovery plus WebFetch/WebSearch or configured MCP/browser tools; Cursor .cursor/skills plus .cursor/rules/revyl-skills.mdc and available MCP/browser tools.revyl device screenshot or revyl device report instead of claiming browser access.Use one app-specific deep link shape:
myapp://revyl-auth?token=<token>&role=<role>&redirect=<allowlisted-route>
Revyl launch variables arrive in Android emulator apps as string extras on the launch intent:
REVYL_AUTH_BYPASS_ENABLED=true
REVYL_AUTH_BYPASS_TOKEN=<token>
AndroidManifest.xml: register the app URL scheme and revyl-auth host.intent and handle onCreate / onNewIntent.Register the deep link on the activity that receives app links:
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="myapp" android:host="revyl-auth" />
</intent-filter>
Keep route mapping and session creation app-specific:
private val allowedRedirects = mapOf(
"/account" to AppRoute.Account,
"/checkout" to AppRoute.Checkout,
"/cart" to AppRoute.Cart,
)
private val allowedRoles = setOf("buyer", "support")
data class RevylAuthConfig(val enabled: Boolean, val token: String?)
fun revylAuthConfig(intent: Intent?): RevylAuthConfig {
return RevylAuthConfig(
enabled = intent?.getStringExtra("REVYL_AUTH_BYPASS_ENABLED") == "true",
token = intent?.getStringExtra("REVYL_AUTH_BYPASS_TOKEN"),
)
}
fun handleRevylAuthBypass(intent: Intent?, config: RevylAuthConfig): Boolean {
val uri = intent?.data ?: return false
if (uri.scheme != "myapp" || uri.host != "revyl-auth") return false
val role = uri.getQueryParameter("role") ?: "buyer"
val redirect = uri.getQueryParameter("redirect") ?: "/account"
check(config.enabled) { "Revyl auth bypass is disabled" }
check(uri.getQueryParameter("token") == config.token) { "Bad Revyl auth bypass token" }
check(role in allowedRoles) { "Role is not allowlisted" }
val route = allowedRedirects[redirect] ?: error("Redirect is not allowlisted")
TestSession.signIn(role)
appRouter.navigate(route)
return true
}
In the activity, capture the launch config before handling links:
private lateinit var revylAuthConfig: RevylAuthConfig
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
revylAuthConfig = revylAuthConfig(intent)
handleAuthLink(intent)
}
override fun onNewIntent(intent: Intent?) {
super.onNewIntent(intent)
setIntent(intent)
handleAuthLink(intent)
}
private fun handleAuthLink(intent: Intent?) {
try {
if (handleRevylAuthBypass(intent, revylAuthConfig)) showAuthBypassAccepted()
} catch (error: Throwable) {
showAuthBypassRejected(error.message ?: "Auth bypass rejected")
}
}
Replace TestSession, appRouter, and status UI helpers with the app's real surfaces.
Start a fresh Revyl session with launch vars attached:
export REVYL_AUTH_BYPASS_TOKEN="<test-only-token>"
revyl global launch-var update REVYL_AUTH_BYPASS_TOKEN --value "$REVYL_AUTH_BYPASS_TOKEN"
revyl dev --platform android --no-build \
--launch-var REVYL_AUTH_BYPASS_ENABLED \
--launch-var REVYL_AUTH_BYPASS_TOKEN
Then verify valid and rejected links:
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fcheckout"
revyl device screenshot --out /tmp/revyl-auth-bypass-android-valid.png
revyl device navigate --url "myapp://revyl-auth?token=wrong-token&role=buyer&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=admin&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fadmin"
revyl device screenshot --out /tmp/revyl-auth-bypass-android-rejected.png
REVYL_AUTH_BYPASS_ENABLED=true.Create robust Revyl E2E tests using CLI commands from app source analysis or exploratory sessions.
Create and maintain Revyl tests through MCP tools using create/update operations and execution feedback loops.
MCP dev-first mobile loop for reliable screenshot-observe-action execution, grounded interactions, and conversion of successful exploratory paths into tests.
Analyze failed Revyl test, workflow, and device-session reports via CLI to classify real bugs, flaky tests, infra issues, setup failures, or test-design improvements.
Expo and Expo Router leaf recipe for test-only auth bypass deep links using Revyl launch variables.
Flutter leaf recipe for test-only auth bypass deep links using Revyl launch variables.