Auth0 doesn't gracefully handle Android process death #779
Labels
bug
This points to a verified bug in the code
Comments
This was referenced Dec 3, 2024
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Checklist
Description
We've received negative reviews from our users due to them losing the MFA code when they head to the Email app to grab the MFA code, especially in old or low-memory devices.
Digging deeper, it looks like Auth0 Login with Browser SDK doesn't gracefully handle process death scenarios for the underlying app when it is killed in the background due to Android's system kill scenario.
I'm able to reproduce the scenario in the example app, where I click Login With Browser (Async) (we're using Corotuines in our app, but I suspect it doesn't matter as it will also happen with pure callbacks API), put the app in background, simulate process death, put the app to foreground, login with the user, expected:
Hello <username>Snackbar is shown, actual: nothing happens.Reproduction
adb shell am kill com.auth0.sampleto simulate the Auth0 sample app system kill[email protected], pass:12345678aA$Expected:
Hello [email protected]Snackbar is shownActual: Nothing happens
Additional context
When process death kicks in, the app's memory gets reset, which explains why we're losing the callbacks. I think though Auth0 may need to provide an API so that SDK users would recover from such situation, especially knowing that the app always receive the callback redirect URL even in process death situation, which Auth0 can grab and appropriately parse it.
Auth0.Android version
2.11.0
Android version(s)
API 33
The text was updated successfully, but these errors were encountered: