forcedotcom / SalesforceMobileSDK-iOS

iOS SDK for Salesforce

Invalid access token in Authentication webview #3738

Open sortinousn opened 1 month ago

sortinousn commented 1 month ago

Please fill out the following details:

  1. Version of Mobile SDK Used: 12.0.1
  2. Issue found in Native App or Hybrid App: Native
  3. OS Version: All
  4. Device: IPhone 13 Pro
  5. Steps to reproduce:

We are using the embedded login in Salesforce to log the user in. We have a passive logout function on our member portal that logs the user out after 15 minutes of inactivity, where the session is ended and the access token is invalidated. We call this single logout function in the connected app (https://xxxxxxx.my.salesforce.com/services/auth/idp/oidc/logout) to log the user out. This works fine on the desktop browser; however, on the mobile app, when the user goes to log back in after the passive logout they get a blank screen after authentication. This issue is happening in the Authentication webview. I believe it's caused by a cached session or token. The only fix seems to be to have the user uninstall and reinstall the app; however, this problem will continuously pop up if they are passively logged out and try to log back in again. As I said, it works fine on the desktop browser, but in the app authentication webview there must be some disconnect or an invalid session that's being called. It's hard to troubleshoot since we aren't really getting an error.

Is there a way to clear the authentication helper webview cache or get a new session?

In our ContentView.swift webview (after authentication), when passive logout happens server side, we call this function in our webview to direct the user back to login.

        // WKNavigationDelegate callback on the post-login webview (surrounding code elided in the original)
        func webView(_ webView: WKWebView,
                     decidePolicyFor navigationAction: WKNavigationAction,
                     decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
            guard let url = navigationAction.request.url else {
                decisionHandler(.allow)
                return
            }
            if url.description.lowercased().contains("logout") {
                // Passive logout has been called, navigate app back to the authentication webview.
                // swiftlint:disable force_cast
                let delegate = UIApplication.shared.delegate as! AppDelegate
                AuthHelper.loginIfRequired {
                    delegate.setupRootViewController()
                }
                decisionHandler(.cancel)
                return
            }
            decisionHandler(.allow)
        }

I have also tried calling these methods on logout in our webview, but I still have the same issue:

        // UserAccountManager.shared.logout()
        // UserAccountManager.shared.logoutAllUsers()
        // UserAccountManager.shared.currentUserAccount?.credentials.revoke()

  1. Actual behavior: User logs in to app successfully, gets passively logged out due to 15 minutes of inactivity. User gets prompted for biometrics/username and password but is directed to a blank screen after authentication.

  2. Expected Behavior: User logs in to app successfully, gets passively logged out due to 15 minutes of inactivity. User should be able to log back in to the authenticated experience with biometrics or username and password.

  3. Error Log:
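An added illustration (not code from this issue or from the SDK project) of the sequence a practitioner would try at the point where the portal signals a passive logout: cancel the logout navigation, purge the WebKit website data store so the login webview cannot reuse stale cookies, drop the SDK's cached account so its server-invalidated token is not reused, then re-enter login. Assumed: the SDK login webview shares `WKWebsiteDataStore.default()`, `setupRootViewController` is the app's own AppDelegate method as used in the issue, and the logout URL is the `/services/auth/idp/oidc/logout` path from the report; whether this resolves the reported blank screen is not confirmed by the thread.

```swift
import UIKit
import WebKit
import SalesforceSDKCore

/// Wipes cookies, caches and local storage held by the default WebKit data store.
/// Assumption: the SDK's authentication webview shares this default store.
func clearWebKitSessionData(completion: @escaping () -> Void) {
    let store = WKWebsiteDataStore.default()
    let types = WKWebsiteDataStore.allWebsiteDataTypes()
    store.removeData(ofTypes: types, modifiedSince: Date.distantPast, completionHandler: completion)
}

/// Reacts to a server-side (passive) logout. Order matters: clear the browser
/// session first, then drop the SDK account whose token the server already
/// invalidated, then start a fresh login instead of reusing cached credentials.
func handlePassiveLogout(decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
    decisionHandler(.cancel)   // do not render the IdP logout page inside the app
    clearWebKitSessionData {
        // Same logout call the issue tried; removes the cached (now invalid) credentials.
        UserAccountManager.shared.logout()
        DispatchQueue.main.async {
            guard let delegate = UIApplication.shared.delegate as? AppDelegate else { return }
            AuthHelper.loginIfRequired {
                delegate.setupRootViewController()   // app's own method, per the issue
            }
        }
    }
}

/// Navigation delegate for the post-login portal webview.
final class PortalNavigationDelegate: NSObject, WKNavigationDelegate {
    // Assumed logout path, taken from the URL quoted in the issue.
    private let logoutPath = "/services/auth/idp/oidc/logout"

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url else {
            decisionHandler(.allow)
            return
        }
        // Match the exact logout path rather than any URL that merely contains "logout".
        if url.path.hasSuffix(logoutPath) {
            handlePassiveLogout(decisionHandler: decisionHandler)
            return
        }
        decisionHandler(.allow)
    }
}
```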

sortinousn commented 1 month ago

I think this issue may be related to #3619. I can confirm via the introspection API that the access token being used is in fact invalid. Logging back in via the built-in SDK functions in the SceneDelegate does not retrieve a new token. I was actually able to reproduce the issue by revoking the token after login and then calling loginIfRequired.