You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've received negative reviews from our users due to them losing the MFA code when they head to the Email app to grab the MFA code, especially in old or low-memory devices.
Digging deeper, it looks like Auth0 Login with Browser SDK doesn't gracefully handle process death scenarios for the underlying app when it is killed in the background due to Android's system kill scenario.
I'm able to reproduce the scenario in the example app, where I click Login With Browser (Async) (we're using Corotuines in our app, but I suspect it doesn't matter as it will also happen with pure callbacks API), put the app in background, simulate process death, put the app to foreground, login with the user, expected: Hello <username> Snackbar is shown, actual: nothing happens.
Reproduction
Click Login in with Browser (Async)
Click home to put the app to background
Execute
adb shell am kill com.auth0.sample to simulate the Auth0 sample app system kill
Put the app to foreground
Login with credentials: user: reproducer@gmail.com, pass: 12345678aA$
Login succeeds app opens, but no callbacks are invoked.
Expected: Hello reproducer@gmail.com Snackbar is shown
Actual: Nothing happens
Additional context
When process death kicks in, the app's memory gets reset, which explains why we're losing the callbacks. I think though Auth0 may need to provide an API so that SDK users would recover from such situation, especially knowing that the app always receive the callback redirect URL even in process death situation, which Auth0 can grab and appropriately parse it.
Auth0.Android version
2.11.0
Android version(s)
API 33
The text was updated successfully, but these errors were encountered:
Checklist
Description
We've received negative reviews from our users due to them losing the MFA code when they head to the Email app to grab the MFA code, especially in old or low-memory devices.
Digging deeper, it looks like Auth0 Login with Browser SDK doesn't gracefully handle process death scenarios for the underlying app when it is killed in the background due to Android's system kill scenario.
I'm able to reproduce the scenario in the example app, where I click Login With Browser (Async) (we're using Corotuines in our app, but I suspect it doesn't matter as it will also happen with pure callbacks API), put the app in background, simulate process death, put the app to foreground, login with the user, expected:
Hello <username>
Snackbar is shown, actual: nothing happens.Reproduction
adb shell am kill com.auth0.sample
to simulate the Auth0 sample app system killreproducer@gmail.com
, pass:12345678aA$
Expected:
Hello reproducer@gmail.com
Snackbar is shownActual: Nothing happens
Additional context
When process death kicks in, the app's memory gets reset, which explains why we're losing the callbacks. I think though Auth0 may need to provide an API so that SDK users would recover from such situation, especially knowing that the app always receive the callback redirect URL even in process death situation, which Auth0 can grab and appropriately parse it.
Auth0.Android version
2.11.0
Android version(s)
API 33
The text was updated successfully, but these errors were encountered: