openid / AppAuth-iOS

iOS and macOS SDK for communicating with OAuth 2.0 and OpenID Connect providers.
https://openid.github.io/AppAuth-iOS
Apache License 2.0

`OIDExternalUserAgentSession` flow cannot be resumed from URL after app termination #819

Open drhaynes-cat opened 7 months ago

drhaynes-cat commented 7 months ago

Describe the bug

I am trying to handle the case where the app has been terminated when an auth flow is in progress. For context, this is using an email magic link flow, so there may be some time between the flow being initiated on the app side, and the link being followed in a user's email client.

What is the best way to handle the scenario where the user taps the one-time link in their email client, but the app is no longer running, and hence there is no current `OIDExternalUserAgentSession` to use to resume the auth flow from?

Normally you would do something like `currentFlow.resumeExternalUserAgentFlow(with: url)`, but in this case the current flow no longer exists.

This scenario does not appear to be in any of the examples, or documented anywhere I could find.

Is the correct approach to persist the original `OIDAuthorizationRequest` when the flow is initiated and recreate the flow using:

```swift
OIDAuthState.authState(
    byPresenting authorizationRequest: OIDAuthorizationRequest,
    presenting presentingViewController: UIViewController,
    callback: @escaping OIDAuthStateAuthorizationCallback
) -> OIDExternalUserAgentSession
```

Is this even a valid use case? Is the one-time code in the email expected to be immediate use, and so any app termination in the meantime means you have to request another link to authenticate?

Any guidance greatly appreciated.
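
One way the persistence approach asked about above could look, as an added example that is not part of the original issue or of the AppAuth project's code. It assumes the URL that launches the app is the OAuth redirect carrying `code` and `state`; `pendingAccount`, `ResumeError`, `pendingQuery`, `savePendingRequest`, `takePendingRequest` and `resumeAfterTermination` are hypothetical names.

```swift
import AppAuth
import Foundation
import Security

// Hypothetical Keychain account name for the in-flight request (assumption).
let pendingAccount = "oidc.pending-authorization-request"
enum ResumeError: Error { case noPendingRequest, stateMismatch, noAuthorizationCode }

func pendingQuery() -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword, kSecAttrAccount as String: pendingAccount]
}

// Call before presenting the flow. The request carries `state` and the PKCE
// code verifier, so it is stored in the Keychain rather than UserDefaults.
func savePendingRequest(_ request: OIDAuthorizationRequest) throws {
    let data = try NSKeyedArchiver.archivedData(withRootObject: request, requiringSecureCoding: true)
    SecItemDelete(pendingQuery() as CFDictionary)
    var attrs = pendingQuery()
    attrs[kSecValueData as String] = data
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw NSError(domain: NSOSStatusErrorDomain, code: Int(status)) }
}

// Load and delete together so a stored request can serve one redirect only.
func takePendingRequest() -> OIDAuthorizationRequest? {
    var query = pendingQuery()
    query[kSecReturnData as String] = true
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let data = item as? Data else { return nil }
    SecItemDelete(pendingQuery() as CFDictionary)
    return try? NSKeyedUnarchiver.unarchivedObject(ofClass: OIDAuthorizationRequest.self, from: data)
}

// Call from the URL handler when no OIDExternalUserAgentSession exists (cold start).
func resumeAfterTermination(with url: URL, completion: @escaping (Result<OIDAuthState, Error>) -> Void) {
    guard let request = takePendingRequest() else { return completion(.failure(ResumeError.noPendingRequest)) }
    var params: [String: NSObject & NSCopying] = [:]
    for item in URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems ?? [] {
        if let value = item.value { params[item.name] = value as NSString }
    }
    let response = OIDAuthorizationResponse(request: request, parameters: params)
    // Reject redirects that do not echo the `state` minted for this request.
    guard let state = request.state, response.state == state else { return completion(.failure(ResumeError.stateMismatch)) }
    // tokenExchangeRequest() raises when the response has no code, so check first.
    guard response.authorizationCode != nil, let tokenRequest = response.tokenExchangeRequest() else {
        return completion(.failure(ResumeError.noAuthorizationCode))
    }
    OIDAuthorizationService.perform(tokenRequest, originalAuthorizationResponse: response) { tokenResponse, error in
        guard let tokenResponse = tokenResponse else { return completion(.failure(error ?? ResumeError.noAuthorizationCode)) }
        completion(.success(OIDAuthState(authorizationResponse: response, tokenResponse: tokenResponse)))
    }
}
```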