Another alpha release! This one's important and does a lot to fix auth issues Firefox for Android users were seeing.
If you're interested in supporting the project, your feedback is welcome! I try my best to be as responsive as possible in issue discussions and on BlueSky. I'm also in need of testers for Android to publish Lazurite on the Play Store. If you're interested, please shoot me a DM!
Highlights
OAuth callback handling now supports and prefers HTTPS app links/universal links on mobile, while preserving custom-scheme fallback. This means
Authentication recovery is now more resilient when tokens expire in the background.
Account switching flows were hardened, including safer re-auth handling and account removal behavior.
What’s Changed
OAuth callback hardening (Android + iOS)
Added HTTPS callback preference for mobile OAuth flows when supported by client metadata.
Added Android app-link verification support and hosted association metadata.
Added iOS universal-link association support.
Kept custom-scheme callback handling as a fallback path for compatibility.
Auth/session resilience
Added proactive and on-demand session recovery behavior for unauthorized/expired-token cases.
Added one-time unauthorized retry behavior in key data-fetch flows (feed, thread, conversation) after successful recovery.
Fixes
Fixed background token-expiry scenarios that could leave feed/thread/conversation requests failing until manual re-auth.
Fixed account-switch failure handling by routing failed switches to explicit sign-in/reauth paths.
Fixed account-switcher removal flows to better handle active-account fallback and no-account states.