okta / okta-oidc-android

OIDC SDK for Android
https://github.com/okta/okta-oidc-android

User is unable to sign in through the Okta widget with error code 5003 #309

Closed syangatkonrad closed 2 years ago

syangatkonrad commented 2 years ago

Describe the bug?

When attempting to call WebAuthClient.signIn(), the user is getting an onError callback with AuthorizationException.code of 5003.

By looking at your source code, this refers to an encryption error with invalid keys (the comment is "Error codes related to failed during read/write to storage" and specifically "Keys are invalid").

The user's device is an Android SM-G973W, Android 12.

Please advise.

What is expected to happen?

The widget should launch and allow the user to sign in.

What is the actual behavior?

The widget does not launch; instead, it emits an error.

Reproduction Steps?

By calling WebAuthClient.signIn().

Additional Information?

No response

SDK Version

v1.2.2

Build Information

No response

aarongranick-okta commented 2 years ago

@syangatkonrad Thank you for the report. I am going to pass this issue to our mobile engineering team for investigation and follow up.

mikenachbaur-okta commented 2 years ago

Thank you for letting us know about this @syangatkonrad, we'll review this next week.

JayNewstrom commented 2 years ago

Hi @syangatkonrad could you provide us with a stack trace?

syangatkonrad commented 2 years ago

Hi @JayNewstrom unfortunately this was reported by an end user and we don't have access to the stack trace. Is there anything else I can provide?

JayNewstrom commented 2 years ago

It'll be hard to guess without a stack trace.

We've documented some error scenarios this might happen in the README: https://github.com/okta/okta-oidc-android#why-am-i-getting-invalid-key-errors

syangatkonrad commented 2 years ago

Thank you @JayNewstrom, that's very helpful. Besides clearing app data, for scenario 1, where the key is invalidated by a change of security policy, what would be the solution?

JayNewstrom commented 2 years ago

If you're using the default config for storage/encryption, you can manually create the shared preferences instance, and clear it in code.

https://github.com/okta/okta-oidc-android/blob/7d2efb64d776c5b647f4f6951a86c92bb2d1382d/library/src/main/java/com/okta/oidc/storage/SharedPreferenceStorage.java#L55 Something like prefs.edit().clear().apply();

This is definitely a pain point to put this on the application developer (you). I'm taking this into account while designing the V2 of the SDK.
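One way to apply the remediation described in the comment above, as an added example that is not part of the thread or the SDK: the callback recognises the invalid-keys error (code 5003 as reported in this issue), clears the SDK's default SharedPreferences once, and re-starts sign-in so fresh keys are generated. The SDK imports and the ResultCallback signature follow the v1 API and should be checked against the installed version; PREFS_NAME is a placeholder that must be replaced with the file name opened in the linked SharedPreferenceStorage.

```java
import android.content.Context;
import android.content.SharedPreferences;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.fragment.app.FragmentActivity;

import com.okta.oidc.AuthorizationStatus;
import com.okta.oidc.ResultCallback;
import com.okta.oidc.clients.web.WebAuthClient;
import com.okta.oidc.util.AuthorizationException;

/** Recovers from the "Keys are invalid" storage error instead of leaving the user stuck. */
public final class InvalidKeyRecoveryCallback
        implements ResultCallback<AuthorizationStatus, AuthorizationException> {

    private static final int INVALID_KEYS_CODE = 5003;            // code reported in this issue
    // ASSUMPTION: placeholder; must match the preferences file name used by SharedPreferenceStorage
    private static final String PREFS_NAME = "<SharedPreferenceStorage prefs name>";

    private final FragmentActivity activity;
    private final WebAuthClient client;
    private boolean retried;   // one retry only, so a persistent keystore fault cannot loop forever

    public InvalidKeyRecoveryCallback(FragmentActivity activity, WebAuthClient client) {
        this.activity = activity;
        this.client = client;
        client.registerCallback(this, activity);
    }

    @Override public void onSuccess(@NonNull AuthorizationStatus status) { /* proceed as signed in */ }

    @Override public void onCancel() { /* user backed out of the widget */ }

    @Override
    public void onError(@Nullable String msg, @Nullable AuthorizationException exception) {
        if (exception != null && exception.code == INVALID_KEYS_CODE && !retried) {
            retried = true;
            clearSdkStorage(activity);          // stored tokens are discarded; keys are recreated on next write
            client.signIn(activity, null);      // relaunch the widget so the user can sign in again
            return;
        }
        // Any other failure (or a second 5003) is reported to the user / logs as usual.
    }

    /** The remediation from the comment above: open the default storage and wipe it. */
    static void clearSdkStorage(Context context) {
        SharedPreferences prefs = context.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
        prefs.edit().clear().apply();
    }
}
```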

JayNewstrom commented 2 years ago

This has been implemented in the new SDK (currently in beta). See https://github.com/okta/okta-mobile-kotlin/pull/118