Open fungc-io opened 1 year ago
Reported by another user today that is using WebKit WebView UI implementation that, after reinstallation, the cookie session inside webkit webview is lost; while the app itself is still AUTHENTICATED. This is quite confusing for the developer.
It's best if we can switch the default such that the refresh token in keychain is lost after reinstall.
We should beware that for anonymous users, we shall keep the current behaviour. (Or have another issue for the "feature of anonymous users retained between installations" in future)
Things to consider when designing the approach
Problem
It is the default behavior of Apple Keychain which the items will not be removed after deletion of the app. As Authgear is storing the refresh token in keychain on iOS, the login session will survive in re-installation
Sometimes this behavior is not desirable to a user.
Appetite
??
Solution
Thread in Apple Developer Forum suggests:
Reference: https://developer.apple.com/forums/thread/36442