Web browser in android not getting close after successful login

[snehalInfogain]

We are trying out Okta.Xamarin.Android (pre-release 1.0.0-beta02 SDK)

Current behavior

When we navigate to a browser using OktaContext.Current.SignIn() in android, It asks us to choose the option from available browsers on the device. Please check below screenshot.

After choosing one browser when we enter valid credentials and hit Sign In button, user stays on the login screen even if we get response in the mobile app.

Minimal reproduction of the problem with instructions

1. Login using OktaContext.Current.SignIn() method.

Expected behavior

User should redirect to any of one browser automatically and after successful login browser should get close and user should get redirect back on the mobile app.

Environment

• OS: Android 10

• IDE: Visual Studio for Mac version 8.5.4(build 12)

[andriizhegurov-okta]

Hi @snehalInfogain. Thank you for reporting the issue. We will investigate this case and let you know here when we have any information.

[bryanapellanes-okta]

@snehalInfogain, Thanks for reporting this. I have a couple follow up questions to help us diagnose the issue:

• Are you using an emulator or a physical device?
• Can you share what instructions were used and what steps were taken to create the test app?
• Can you share code that reproduces the issue?
• Just to confirm, you're using Visual Studio for Mac, is that correct?

I will place something on the backlog to review this further. OKTA-367324

[snehalInfogain]

@BryanApellanes , Please check my response inline.

• Are you using an emulator or a physical device? We are using Physical device RealMeXT Android version 10.0
• Can you share what instructions were used and what steps were taken to create the test app? We have followed the implementation notes given with this GitHub project.
• Can you share code that reproduces the issue? We are using the source code from this project and only replaced the Client Id, Okta domain and Redirect URI
• Just to confirm, you're using Visual Studio for Mac, is that correct? We are using Visual Studio for Mac version 8.5.6 ~I will place something on the backlog to review this further.~ OKTA-367324

[bryanapellanes-okta]

@snehalInfogain , After further review, it appears that the instructions for step 4 described here: https://github.com/okta/okta-oidc-xamarin#android should have an Activity attribute that reads like so:

[Activity(Label = "MyLoginCallbackInterceptorActivity", LaunchMode = LaunchMode.SingleInstance)]

Note the LaunchMode setting for the Activity attribute should be set to LaunchMode.SingleInstance. This should resolve the issue.

Thanks for using Okta!

[snehalInfogain]

@bryanapellanes-okta
We tried your solution in this Github source code project, but browser still doesn’t get close. Even if we navigate back to Mobile app somehow, Browser still stays in background and when user clicks hardware back button he navigates back to browser login screen. We tested this on below devices

1. RealMeXT version 10
2. RealMe 7 pro version 10
3. ReadMe Note 5 pro version 9

4. Android emulator Oreo API 28

   Could you please reopen this issue?

[bryanapellanes-okta]

@snehalInfogain , I apologize for the inconvenience, I've reopened this and our internal issue for further investigation.

I've seen similar behavior in the past with this version of the Sdk which turned out to be caused by a failure in the authentication pipeline. Due to the nature of the OIDC protocol, background requests are made in a non-obvious way and a failure may occur that is ultimately swallowed and not surfaced. To further help my understanding I have some follow up questions/requests:

• Please share the content of your OktaConfig.xml file, you may redact the clienId and your domain. I'm looking for potential anomalies in the redirects.
• Please share the content of your login and logout callback activities. I'm specifically looking for the arguments given to the IntentFilter but the code from the entire class definition is preferred.
• Are you able to share your code repo with me on github by making me a temporary contributor? This would be greatly helpful to diagnose the issue.
• Does the behavior persist even after closing the application on the device then reopening and retrying the login process?
• Please describe the behavior when you open your sign-in url in a browser on your desktop (in your primary OS where your dev environment is running rather than the test device) and sign in. Are you successfully logged in through the browser?

[snehalInfogain]

@bryanapellanes-okta , Please check my response inline below.

• Please share the content of your OktaConfig.xml file, you may redact the clienId and your domain. I'm looking for potential anomalies in the redirects. I have given you contributor access to POC project and redacted the Client Id and Organisation Urls.
• Please share the content of your login and logout callback activities. I'm specifically looking for the arguments given to the IntentFilter but the code from the entire class definition is preferred. Information regarding IntentFilter is available in the same source code.
• Are you able to share your code repo with me on github by making me a temporary contributor? This would be greatly helpful to diagnose the issue. Done.
• Does the behavior persist even after closing the application on the device then reopening and retrying the login process? After logging in session gets created in the mobile browser so next time when user reopens the App and clicks on login button, as session is already created it navigates to browser for fraction of seconds and redirects back to app with tokens, Here user don't need to enter credentials again.
• Please describe the behavior when you open your sign-in url in a browser on your desktop (in your primary OS where your dev environment is running rather than the test device) and sign in. Are you successfully logged in through the browser? On desktop, when we open Organisation URL, We are able to login and redirect to https://testorgurl.com/user/notifications(Okta website) and then https://test**orgurl.com/app/UserHome(Okta website). I have redacted the organisation urls here.**

[bryanapellanes-okta]

@snehalInfogain , Thank you for your feedback and engagement, this is immeasurably helpful for us to provide the features and functionality that consumers of our Sdks need. Also, thank you for providing me contributor access to the code, however I don't have a link to the repository, can you provide this to me?

[bryanapellanes-okta]

@snehalInfogain, I apologize if I missed it before, I found the invitation to collaborate.

[bryanapellanes-okta]

@snehalInfogain, It looks like, because I am on a Windows machine, I am receiving this error when cloning your repository. I'm taking steps to see if I can manually address this on my side. However, if you can remove the Okta.Xamarin/.vs directory through .gitignore, or your alternate preferred method this may help save time.

$ git clone https://github.com/snehalInfogain/OktaPOCRedirectIssue.git
Cloning into 'OktaPOCRedirectIssue'...
remote: Enumerating objects: 2718, done.
remote: Total 2718 (delta 0), reused 0 (delta 0), pack-reused 2718
Receiving objects: 100% (2718/2718), 88.41 MiB | 42.91 MiB/s, done.
Resolving deltas: 100% (1125/1125), done.
error: invalid path 'Okta.Xamarin/.vs/Okta.Xamarin/xs/project-cache/Okta.Xamarin.iOS-Debug|iPhoneSimulator.json'
fatal: unable to checkout working tree
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry with 'git restore --source=HEAD :/'

[snehalInfogain]

@bryanapellanes-okta, I have removed Okta.Xamarin/.vs and also added .gitignore file in the project. Sorry for the inconvenience caused.

[bryanapellanes-okta]

Additional investigation shows that this may be due to a mis-alignment in the scopes that are requested vs the scopes that the code expects. Investigating further.

[bryanapellanes-okta]

@snehalInfogain , I was able to reproduce the issue as described using your branch; I was also able to solve the problem by specifying LaunchMode.SingleTask instead of LaunchMode.SingleInstance. After clearing sessions and factory resetting the emulator use of this value appears to have solved the issue.

[snehalInfogain]

@bryanapellanes-okta
As suggested, we have changed LaunchMode.SingleInstance to LaunchMode.SingleTask, cleared the session and factory reset for emulator device. After doing this, redirection back to app works for only 1st time after login and again the same issue starts appearing from 2nd time. For the first time as well, the browser stays in the background when we click the hardware back button. Please check the attached video in the master branch.

As factory reset is not possible on real devices, we tried with LaunchMode.SingleTask and clearing the session on a real device, The issue still persists on a real device.

[bryanapellanes-okta]

This is beginning to look like a race condition in the code responsible for exchanging the response code for tokens. This line https://github.com/okta/okta-oidc-xamarin/blob/master/Okta.Xamarin/Okta.Xamarin/OidcClient.cs#L345 does not complete before the next line returns true. I'm investigating further from this angle.

Just to be sure that no other exceptions are causing this issue, please try adding a handler for the AuthenticationFailed event as described here: https://github.com/okta/okta-oidc-xamarin#authenticationfailed-event. This should help to eliminate the possibility that another error is manifesting as this behavior.

[snehalInfogain]

@bryanapellanes-okta , This issue is happening even in the case of successful Authentication.

[bryanapellanes-okta]

@bryanapellanes-okta , This issue is happening even in the case of successful Authentication.

Acknowledged, I'm continuing to investigate. Currently reviewing what others have done when facing similar behavior: https://forums.xamarin.com/discussion/100286/xamarin-auth-android-chrome-custom-tabs-doesnt-close-on-redirect

[bryanapellanes-okta]

@snehalInfogain, Please see the latest commit added to the main branch of your shared code. I was able to correct the behavior, following some of the recommendations in the previously linked article.