When using RedirectRequestHandler, at the conclusion of an OAuth flow, all storage entries should be cleaned up, even if an error occurred.
Describe the problem
[REQUIRED] Actual Behavior
If there was an error during the OAuth flow, storage entries are left behind. This is problematic because a new random value is used as part of the localStorage keys for each new OAuth flow, so not cleaning them up causes localStorage to grow monotonically. This issue was discovered when a user hit the 5MB limit of their localStorage and was no longer able to log into the app, and we found the localStorage filled with many many appauth entries from failed login attempts that happened while the client setup was misconfigured.
Expected Behavior
[REQUIRED] Describe expected behavior
When using
RedirectRequestHandler, at the conclusion of an OAuth flow, all storage entries should be cleaned up, even if an error occurred.Describe the problem
[REQUIRED] Actual Behavior
If there was an error during the OAuth flow, storage entries are left behind. This is problematic because a new random value is used as part of the localStorage keys for each new OAuth flow, so not cleaning them up causes localStorage to grow monotonically. This issue was discovered when a user hit the 5MB limit of their localStorage and was no longer able to log into the app, and we found the localStorage filled with many many appauth entries from failed login attempts that happened while the client setup was misconfigured.
This TODO indicates the missing logic.
[REQUIRED] Steps to reproduce the behavior
LocalStorageBackendwith aRedirectRequestHandler.[REQUIRED] Environment