## Problem On mobile, starting an OAuth connection from ChatGPT (MCP connector) opens the **installed Whisper Money PWA** and lands on the **dashboard** instead of the OAuth consent screen — so the connection can never be approved. ## Cause The web app manifest declares `scope: "/"`, so the installed PWA claims the entire origin, including `/oauth/authorize`. On Android the OAuth link gets captured into the app, and the default launch behavior just **focuses the already-open window (the dashboard) and drops the incoming URL** — the consent page never loads. Narrowing `scope` to exclude `/oauth` isn't viable: the app's routes are flat (`/dashboard`, `/transactions`, `/accounts`, …) and share no prefix, so a narrower scope would push half the app out to the browser. ## Fix - `site.webmanifest`: add `launch_handler.client_mode: "focus-existing"` so the launcher hands the app the captured target URL via the launch queue. - `app.tsx`: a `launchQueue` consumer that navigates to the target URL when it's an `/oauth/` path. Every other launch is a no-op (keeps its place). Low blast radius — additive manifest field + a guard scoped to `/oauth/` paths; existing (desktop) OAuth is unaffected. ## Verification Cannot be tested off-device. After deploy, on the phone: 1. **Reinstall the PWA** (remove from home screen, re-add) so Android re-fetches the manifest. 2. Retry the ChatGPT OAuth connect → should land on the "Connect ChatGPT to Whisper Money" consent screen. Depends on `launch_handler`/`launchQueue` (Chrome/Edge 102+, covers nearly all Android). |
||
|---|---|---|
| .. | ||
| apple-touch-icon.png | ||
| apple-touch-icon.svg | ||
| favicon-96x96.png | ||
| favicon.ico | ||
| favicon.svg | ||
| site.webmanifest | ||
| web-app-manifest-192x192.png | ||
| web-app-manifest-512x512.png | ||