auth0
Add Incognito Custom Tab (Ephemeral Session) support to Android Auth0 SDK
Checklist
- [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- [X] I have looked into the API documentation and have not found a suitable solution or answer.
- [X] I have searched the issues and have not found a suitable solution or answer.
- [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
The problem I would like to have solved is the lack of support for Incognito Custom Tab (Ephemeral Session) in the Android Auth0 SDK. Currently, the SDK does not provide a way to open an Incognito Custom Tab with an ephemeral session, which can be useful for scenarios where the user wants to authenticate without leaving any traces on the device. Our iOS app uses the iOS Auth0 SDK and is able to solve issues related to web cookies by implementing similar functionality since it has Ephemeral Session feature.
Describe the ideal solution
The ideal solution would be to enhance the Android Auth0 SDK by adding support for Incognito Custom Tab with an ephemeral session. This would allow developers to easily integrate this feature into their applications and provide a more secure and privacy-focused authentication experience for their users. Also not having to deal with issues related to cookies which intersect our web apps.
Alternatives and current workarounds
I have tried explicit logout - but it does not solve issue for our use-case since web app can be logged in anytime through email deeplinks.
Additional context
No response
+1. The current sign out behavior where the browser opens for a split second just to clear some cookies is honestly a bit ridiculous from a user experience perspective. Would love to see if there is a way we can avoid having to do that.
I'm shocked this isn't already supported. This essentially prevents being able to switch users without tapping log out. (Expired JWT)
Hi ,Apologies on the delayed response. After an initial investigation we observed there is no officially supported APIs to open an Incognito Custom Tab. Hence this might take some while before we add this feature support officially
Closing this for now. Please feel free to reopen this if you have any more comments
Hi ,Apologies on the delayed response. After an initial investigation we observed there is no officially supported APIs to open an Incognito Custom Tab. Hence this might take some while before we add this feature support officially
Hi @pmathew92, It looks like there is now an API for ephemeral sessions but sadly it's still in alpha. Hopefully it's on the teams' radar as it's a much-needed feature from a security standpoint. Thank you 😄
Hi @StanGomes , thanks for bringing this to our notice. Will keep a track of this and will add the support once the api becomes production ready
Hi everyone, version 1.9.0 has added support for Ephemeral Session but requires Gradle 8.9.1 or above . The Auth0.Android SDK currently uses Gradle version 7.4.0 and updating this reqiures a bit of work on our side. We will add this support once we have updated the gradle dependencies. Thank you for your patience
Great, thank you a lot. Can't wait for it! Not sure where to ask, as this is Android repo, but do you plan to release also Kotlin Multiplatform version of the library?
Hi @JiangHongTiao , We do have the plan for the Multiplatform library but it is still in very early stages of discussion .