Open sloosh opened 7 years ago
sloosh
commented
7 years ago It seems this is because of the AuthorizationManagementActivity.onResume which is always calling finish(). Don't you think it could call it only with handleAuthorizationComplete() ?
iainmcgin
commented
7 years ago The intended behavior here is that if the user switches back to your app from a standalone browser that is used for authorization, this will be treated as canceling the flow. If you are using a custom tab, the custom tab should still be above the AuthorizationManagementActivity in the back stack, and so the flow should not be canceled.
So, to confirm, are you authorizing using a standalone browser? If you are, the user needs to return to the browser, not the app, after doing the 2FA step. We could improve this in AppAuth by displaying the AuthorizationManagementActivity as a dialog with a "return to browser" prompt and an explicit cancel button, but I'm not yet convinced this is the best approach.
When RedirectUriReceiverActivity is opened, if then app is paused and resumed the browser does not appear anymore, instead the calling Activity appears again to the top. This is a problem because I am using a 2 step authentication server. So once logged in the server ask for a token for the 2nd authentication step, I receive this token from an app on the device. So I have to open the token app, but once I come back to the app the browser is gone, and the login has to be processed again. That's quite annoying, is there something I could do to fix this ? Thanks.