Annoying TWA Assert Links
What’s TWA?
Trusted Web Activity (TWA) lets you publish your Progressive Web App (PWA) to Google Play Store as an app and runs in full screen. It’s new (introduced on February 5, 2019) and has all Chrome features. Its predecessors are Chrome Custom Tab (CCT) and WebView. CCT has browser UI and WebView lacks some features such as web push notifications, therefor TWA is better than both of them. Be aware that it will use CCT if the user’s browser is older than version 72. Sounds great until I found the URL bar still exists.
HTTP Status Code
Both documents(here and here) said that the response HTTP status code of the assertlinks.json
file must be 200. And I get a 304. It first occured to me that this must be the real reason, turned out it’s not. 304 is fine.
Asset Links Fingerprint
TWA uses Digital Asset Links to verify the app and the site belongs to the same developer. The Chrome bar will disappear if the verification successes. I followed this document, it works only when I insall the app on my phone directly but failed when I downloaded it from the play store. So I guess the problem is app signing. I formerly used the upload key’s fingerprint in assertlinks.json
and enabled the App Signing by Google Play at the same time. In the end, the App is signed with Google’s key and my key got striped, the verification would fail certainly. The app signing process is annoyingly confusing.
The solution is to find Google’s signing certificate fingerprint in the Google Play Console (Release management -> App signing), then copy the SHA-256 fingerprint to the assertlinks.json
file.
Now we can upload Kahla TWA app to the play store! You can view the TWA project code on Github.
.well-known Folder
The assertlinks.json
file is placed in the /.well-known/
folder, this location is defined by RFC 8615. You can see all the other well-known URLs on INNA’s website, like EFF’s dnt-policy.txt
.