OAuth2 via macOS/iOS apps fails when bundleIdentifier has capital letters in it

Description of the issue:

During the development of a new macOS app, I integrated with Auth0 for OAuth2 authentication. Somewhere along the way I updated the (default) bundleIdentifier of my app to something like co.somecompany.App, at which point authentication stopped working for both Brave and Chrome (Safari continued to work fine, however).

To quickly summarize, authenticating with OAuth2 requires a callback to the authenticating party. For apps running on devices (vs. services) and things behind firewalls, this doesn’t work. Simplistically, Apple (and others) opt for a callback using a custom scheme, specifically named after the bundleIdentifier/application name, which the OS uses to invoke the app to continue/complete the authentication transaction.

The problem appears to be that the scheme gets lowercased by the browser. The callback invocation fails because there’s no app named co.somecompany.app – it’s called co.somecompany.App.

Expected Result

e.g. authenticating with a Google Account

Initiating an authentication flow produces a pop-up browser window, with Google’s authentication dialog.

I either choose my account from a list of accounts presented, at which point I then enter my password, OR I have only one account and I am led right into the password entry. Enter the right password, the dialog closes itself and the appropriate OAuth2 tokens can be retrieved/exchanged.

Actual Result

After entering in my password, the dialog hangs. If I inspect the popup window (using Developer Tools), I see in the console:

Failed to launch 'co.somecompany.app://somecompany.us.auth0.com/macos/co.somecompany.App/callback?code=dnj-5bgoogabooga&state=7zAem7EWMuLSSk6CZ3foobarblortN5qrD6sTiVayBgQ' because the scheme does not have a registered handler.

Note the difference in case, between the scheme and the identifier in the URL itself.

I traced the code into Apple’s API (which handles the pop-up securely), and it is receiving the scheme in capitalized form. And this works with Safari, which means Safari is handing back the scheme in proper capitalized form. So this has to do with Brave.

Brave Version
Brave Browser Beta 1.27.84

I tried this on latest Chrome as well, and it has the same problem.

Reproducible on current live release:
Yes

Additional information:
I’m using macOS Big Sur v11.4

Posted this to Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1228053

Apparently the offending line was removed by this https://source.chromium.org/chromium/chromium/src/+/36242b09a42c497896592c4856437cfe50531d0f to fix another issue https://bugs.chromium.org/p/chromium/issues/detail?id=1223132

So, whenever Brave catches up to this Chromium commit, the issue will get fixed. FYI.
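
An added example, not part of the original post: the scheme lowercasing described above can be seen with the WHATWG URL parser (global `URL` in Node and browsers), and RFC 3986 treats schemes as case-insensitive with lowercase as the canonical form. The helper names are hypothetical, and the bundle identifier and Auth0 domain are the post's own placeholders; the sketch flags a redirect URI whose scheme will not survive parsing and matches a callback with the scheme compared case-insensitively and everything else exactly.

```javascript
// Placeholder values taken from the post; not a real tenant or app.
const BUNDLE_ID = 'co.somecompany.App';
const AUTH0_DOMAIN = 'somecompany.us.auth0.com';

// Hypothetical helper: callback URL in the shape shown in the console error.
function buildCallback(bundleId, domain) {
  return `${bundleId}://${domain}/macos/${bundleId}/callback`;
}

// Scheme exactly as written, before any parser normalizes it.
function rawScheme(uri) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  if (!m) throw new Error(`no scheme in ${uri}`);
  return m[1];
}

// Pre-flight check: does the scheme survive WHATWG URL parsing unchanged?
function checkRedirectUri(uri) {
  const written = rawScheme(uri);
  const parsed = new URL(uri).protocol.slice(0, -1); // strip trailing ':'
  return { written, parsed, schemeStable: written === parsed };
}

// Callback matcher: scheme is case-insensitive, authority and path are exact,
// and the query (code, state) is ignored for the comparison.
function callbackMatches(received, registered) {
  const split = (u) => {
    const s = rawScheme(u);
    return [s.toLowerCase(), u.slice(s.length).split('?')[0]];
  };
  const [recvScheme, recvRest] = split(received);
  const [regScheme, regRest] = split(registered);
  return recvScheme === regScheme && recvRest === regRest;
}

const report = checkRedirectUri(buildCallback(BUNDLE_ID, AUTH0_DOMAIN));
if (!report.schemeStable) {
  console.log(`scheme "${report.written}" is normalized to "${report.parsed}"`);
}
```

Registering the URL scheme in all lowercase avoids depending on how a given browser hands the callback back to the OS.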