Closed dkbast closed 2 months ago
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
Some ideas for a workaround or solution if it's decided to change this behavior from https://forums.developer.apple.com/forums/thread/36442
IMHO this is the behavior expected, I mean, if users want to be logged out, they must do the action. If you want to solve this issue in your particular case I would try to flush the keychain the first time you open the app after reinstalling it.
You can ask to authenticate the user again even if the credentials are still valid.
If your app needs any kind of double-check, it could use LAContext for example, or any kind of 2FA each time it launches. Remember that the keychain keys are stuck to the Apple ID.
The login process is a pain for most companies, each time you show the login you are wasting the first impression moment, I mean, for example selling digital goods, offering discounts, engaging the user with your app, etc, that ends in less profits.
Description
This issue happens with the flutter firebase plugin, which to my understanding is based on this native implementation.
When uninstalling an app where a user is authenticated using firebase auth (e.g. email + pw) and reinstalls the app, the user is directly signed in with the old credentials.
Expected behaviour: When uninstalling the app, the credentials are also wiped. "Nobody" logs out before uninstalling an app. And especially in cases where the user want to avoid somebody else gaining access to their account and "just uninstalls" the app thats a huge red flag.
This has already been discussed here: https://github.com/firebase/flutterfire/issues/4661 but no solution has been found - the issue was closed with just updating the docs saying that this can happen, but thats not a good fix for the user.
Reproducing the issue
No response
Firebase SDK Version
flutterfire core 2.24.2, auth 4.15.3
Xcode Version
15.1
Installation Method
N/A
Firebase Product(s)
Authentication
Targeted Platforms
iOS
Relevant Log Output
No response
If using Swift Package Manager, the project's Package.resolved
Expand
Package.resolved
snippet```json Replace this line with the contents of your Package.resolved. ```
If using CocoaPods, the project's Podfile.lock
Expand
Podfile.lock
snippet```yml Replace this line with the contents of your Podfile.lock! ```