okta / okta-oidc-android

OIDC SDK for Android
https://github.com/okta/okta-oidc-android

SyncAuthWebClient throws "No Compatible Browser Found" on Android Emulator #308

Closed dapp closed 2 years ago

dapp commented 2 years ago

Describe the bug?

I'm trying to use the SyncAuthWebClient to develop my own implementation of the Auth Flow using coroutines and synchronous background refresh.

When I run on a device, my implementation works fine AuthorizationException: {"type":0,"code":10,"errorDescription":"No compatible browser found"}

What is expected to happen?

Calling syncWebAuthClient.signIn() should launch a browser from either a device or emulator

What is the actual behavior?

Calling syncWebAuthClient.signIn() launches a browser from a device, but from an emulator throws the error

AuthorizationException: {"type":0,"code":10,"errorDescription":"No compatible browser found"}

Even though Chrome is installed and set as the default browser.

Reproduction Steps?

Create a SyncWebAuthClient with the following options:

    val config = OIDCConfig.Builder().withJsonFile(context, configResourceId).create()
    return SyncWebAuthBuilder()
        .withConfig(config)
        .withContext(context)
        .withStorage(SharedPreferenceStorage(context, PREF_STORAGE_WEB))
        .setRequireHardwareBackedKeyStore(false)
        .browserMatchAll(true)
        .create()

Then call:

    val result = syncWebAuthClient.signIn(activity, hintOrUsername)

Additional Information?

No response

SDK Version

    implementation 'com.okta.android:oidc-androidx:1.0.16'
    implementation 'com.okta.authn.sdk:okta-authn-sdk-api:2.0.0'
    implementation('com.okta.authn.sdk:okta-authn-sdk-impl:2.0.0') {
        exclude group: 'com.okta.sdk', module: 'okta-sdk-httpclient'
    }

    implementation 'com.okta.sdk:okta-sdk-okhttp:2.0.0'

Build Information

No response

JayNewstrom commented 2 years ago

Hi @dapp

We've seen reports similar to this in the past. You can customize some of the behavior via browserMatchAll. You can also see some further diagnostic steps in #282.

PS, you mentioned you're using coroutines. We just launched a new suite of beta SDKs tackling the same problem space as this SDK here: https://github.com/okta/okta-mobile-kotlin/tree/0.2.0-BETA. This new suite of SDKs is fully Kotlin, and embraces coroutines! If you're interested in trying it out, we'd appreciate feedback before we get to 1.0.

dapp commented 2 years ago

Cool, I'll take a look, thanks

dapp commented 2 years ago

@JayNewstrom haven't been able to get the emulator to work with this sdk. Also I'm having problems with the SyncWebAuthClient, namely that login always reports back a status of Cancelled.

Is the SyncWebAuthClient supported? It's not in any of the docs, but it's the only way I can find to develop my own auth result management, outside of a callback.

I can't use the new Kotlin SDK... it's marked beta, but says that the interface could change, so really we have to treat it as an alpha.

JayNewstrom commented 2 years ago

SyncWebAuthClient is supported, and used internally by WebAuthClient.

dapp commented 2 years ago

Any idea why every successful sign in using SyncWebAuthClient returns status cancelled?

JayNewstrom commented 2 years ago

I'm not sure, but in general we recommend using WebAuthClient, which is why our documentation is the way it is. Could you tell me more about the problem you're trying to solve and why it requires SyncWebAuthClient?

Is your issue isolated to just SyncWebAuthClient, or does it fail for WebAuthClient as well?

FeiChen-okta commented 2 years ago

You can use suspendCancellableCoroutines. For example https://gist.github.com/FeiChen-okta/b636e957a173fdec14f54c27cf3e4e19

Then call it in runBlocking to make it synchronous.

dapp commented 2 years ago

> I'm not sure, but in general we recommend using WebAuthClient, which is why our documentation is the way it is. Could you tell me more about the problem you're trying to solve and why it requires SyncWebAuthClient?
>
> Is your issue isolated to just SyncWebAuthClient, or does it fail for WebAuthClient as well?

I'm using SyncWebAuthClient because I want the token refresh to take place in the background as part of an authenticated API request which is already on a non-UI thread.

The architecture is: register an interceptor that runs during every authenticated API call, and checks the access token expiration. The interceptor refreshes the token if needed (synchronously, since it's already in the background) then allows the original call to proceed.
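
The interceptor architecture described in the comment above, as an added example that is not part of the thread and not Okta SDK code. It assumes OkHttp 4.x; `AccessToken`, `TokenSource` and `BearerRefreshInterceptor` are hypothetical names standing in for whatever wraps the SDK's synchronous refresh call.

```kotlin
import okhttp3.Interceptor
import okhttp3.Response
import java.io.IOException

// Hypothetical types (not an Okta API): a cached access token and its source.
data class AccessToken(val value: String, val expiresAtEpochSec: Long)

interface TokenSource {
    fun current(): AccessToken?          // cached token, or null if signed out
    @Throws(IOException::class)
    fun refreshBlocking(): AccessToken   // synchronous refresh-token grant
}

class BearerRefreshInterceptor(
    private val tokens: TokenSource,
    private val apiHost: String,         // the only host that ever receives the token
    private val skewSec: Long = 30,      // refresh slightly before the real expiry
    private val nowSec: () -> Long = { System.currentTimeMillis() / 1000 }
) : Interceptor {

    private val refreshLock = Any()

    private fun AccessToken.usable() = expiresAtEpochSec - skewSec > nowSec()

    private fun freshToken(): AccessToken {
        tokens.current()?.takeIf { it.usable() }?.let { return it }
        // Single-flight: concurrent calls wait here and re-check the cache instead
        // of each spending the refresh token, which matters when the authorization
        // server rotates refresh tokens on use.
        return synchronized(refreshLock) {
            tokens.current()?.takeIf { it.usable() } ?: tokens.refreshBlocking()
        }
    }

    override fun intercept(chain: Interceptor.Chain): Response {
        val request = chain.request()
        // Never attach the bearer token to other hosts or to cleartext requests.
        if (!request.isHttps || request.url.host != apiHost) return chain.proceed(request)
        // Fail closed: if the refresh throws, the call fails instead of going out
        // with an expired or missing token.
        val token = freshToken()
        val authed = request.newBuilder()
            .header("Authorization", "Bearer ${token.value}")
            .build()
        return chain.proceed(authed)
    }
}
```

Register it with `OkHttpClient.Builder().addInterceptor(...)` on the client used for authenticated API calls only, and keep token values out of any logging interceptor on the same client.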

JayNewstrom commented 2 years ago

In the new beta SDK, we've solved this problem nicely for you! https://github.com/okta/okta-mobile-kotlin/blob/0.2.0-BETA/auth-foundation/src/main/java/com/okta/authfoundation/credential/Credential.kt#L253-L264

That being said, if you can recreate your issue, or submit a failing test case, I'd be happy to fix it in this SDK as well.

dapp commented 2 years ago

> In the new beta SDK, we've solved this problem nicely for you! https://github.com/okta/okta-mobile-kotlin/blob/0.2.0-BETA/auth-foundation/src/main/java/com/okta/authfoundation/credential/Credential.kt#L253-L264
>
> That being said, if you can recreate your issue, or submit a failing test case, I'd be happy to fix it in this SDK as well.

I'd love to use the new SDK. Any idea when there will be a stable version?

JayNewstrom commented 2 years ago

We're currently soliciting feedback, in hopes that anything we missed during planning/development (API design wise) can be fixed before 1.0. So if you wouldn't mind trying it out, we would appreciate your feedback.

We have a small amount of feature work planned before 1.0, but feedback will be the limiting factor in releasing 1.0, not development work.

Feel free to reach out to me directly (jay dot newstrom at okta dot com), or submit issues for feedback.

dapp commented 2 years ago

Thanks Jay. After an initial look I definitely have feedback.

Unfortunately, we don't have the runway to wait for the new library to be stable, so I'll continue banging on the sync web client to see why it's failing, or we may just develop our implementation using okta + appauth.

JayNewstrom commented 2 years ago

Thanks. Please reach out with feedback!

Also, please consider the gist Fei linked above, which uses this SDK and might be applicable to your use case.

dapp commented 2 years ago

I've solved the original emulator problem in this issue

https://stackoverflow.com/a/72204250/502463