What is the actual behavior?
The user is redirected back into the app but the flow stops, no token request is made.
Reproduction Steps?
Building and using the sample app checked from the project at tag 2.0.2
Pre-requisites:
okta.properties contains a valid issuer and client ID for your server
Select the "Browser" option
On the second screen select "Browser" again
Observe that a custom Chrome tab is launched with the expected authentication page
Kill the sample app process either with adb shell am kill sample.okta.oidc.android or via Android Studio process explorer
Sign into the auth page with valid credentials
Observe that you are redirected to the sample app but no further requests are made
Additional Information?
The hosting app may be killed if the device is low on memory. For example, when the user has to switch to a password manager to retrieve their credentials or they receive a phone call. Some Android OS power saving features may also eagerly kill backgrounded apps.
I don't see any way for a consumer of the library to work around this within the web-authentication-ui. The bug seems to be caused by the fact that the redirectContinuation is null after the app has been recreated, so the flow "hangs".
If the oauth2 artefact and AuthorizationCodeFlow were used instead they could persist the Context to saved instance state if the properties of the Context object were not marked internal - or if in general you could provide some way to persist the Context object.
Assuming the URI contains all the required information to continue the flow (if the properties of the Context are also persisted), can this be supported?
SDK Version and Artifact(s) used.
The sample app and web-authentication-ui version 2.0.2
Describe the bug?
Using the sample app and web authentication using OIDC redirect; if the app experiences process death before being redirected back into the app from the browser then the flow stops before obtaining a token. Step 7 in this flow (https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce) does not execute.
What is expected to happen?
When the user is redirected back to the app after successfully authenticating then the flow should continue.
Build Information
No response
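An added illustration, not part of the issue and not the Okta SDK's code: one way an authorization code flow with PKCE can survive process death is to persist the state and code verifier before the browser is launched, then rebuild the token request from the redirect URI alone. All names here (PendingAuth, PendingAuthStore, begin, resume) are hypothetical, and the store stands in for saved instance state or app-private storage.

```kotlin
import java.net.URI
import java.net.URLDecoder
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// Hypothetical types; this is not the Okta SDK's API.
data class PendingAuth(val state: String, val codeVerifier: String, val redirectUri: String)

// Stand-in for saved instance state or app-private storage that survives process death.
interface PendingAuthStore {
    fun save(p: PendingAuth)
    fun load(): PendingAuth?
    fun clear()
}

private fun randomUrlSafe(bytes: Int): String =
    Base64.getUrlEncoder().withoutPadding().encodeToString(ByteArray(bytes).also { SecureRandom().nextBytes(it) })

// S256 challenge (RFC 7636), sent in the authorization request: BASE64URL(SHA-256(verifier)).
fun codeChallenge(verifier: String): String =
    Base64.getUrlEncoder().withoutPadding()
        .encodeToString(MessageDigest.getInstance("SHA-256").digest(verifier.toByteArray(Charsets.US_ASCII)))

// Call before launching the browser: persist everything the token request will need.
fun begin(store: PendingAuthStore, redirectUri: String): PendingAuth =
    PendingAuth(randomUrlSafe(16), randomUrlSafe(32), redirectUri).also(store::save)

// Call from the redirect handler, including in a freshly recreated process.
// Returns the token request form parameters, or null if the redirect must be rejected.
fun resume(store: PendingAuthStore, redirect: URI, clientId: String): Map<String, String>? {
    val pending = store.load() ?: return null   // nothing persisted: cannot continue safely
    store.clear()                               // single use, whether or not validation passes
    val query = (redirect.rawQuery ?: return null).split("&").mapNotNull {
        val kv = it.split("=", limit = 2)
        if (kv.size == 2) URLDecoder.decode(kv[0], "UTF-8") to URLDecoder.decode(kv[1], "UTF-8") else null
    }.toMap()
    // Reject redirects whose state does not match the persisted value.
    val stateOk = MessageDigest.isEqual(query["state"].orEmpty().toByteArray(), pending.state.toByteArray())
    if (!stateOk) return null
    val code = query["code"]?.takeIf { it.isNotEmpty() } ?: return null   // error response or missing code
    return mapOf(
        "grant_type" to "authorization_code", "code" to code, "client_id" to clientId,
        "redirect_uri" to pending.redirectUri, "code_verifier" to pending.codeVerifier,
    )
}
```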