Auth0.Android

CredentialsManager exception not being caught

Open podybman opened this issue 1 year ago • 0 comments

Checklist

  • [X] The issue can be reproduced in the Auth0.Android sample app (or N/A).
  • [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
  • [X] I have looked into the API documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Description

Hi folks,

I'm having a case where an Exception is raised from the CredentialsManager but it's not caught:

 Fatal Exception: com.auth0.android.authentication.storage.CredentialsManagerException: A change on the Lock Screen security settings have deemed the encryption keys invalid and have been recreated. Please try saving the credentials again.
       at com.auth0.android.authentication.storage.SecureCredentialsManager.saveCredentials(SecureCredentialsManager.kt:196)
       at com.tt.authentication.AuthenticationFrameworkModule$providesAuthenticationFramework$3.invokeSuspend(AuthenticationFrameworkModule.kt:160)
       at com.tt.authentication.AuthenticationFrameworkModule$providesAuthenticationFramework$3.invoke(AuthenticationFrameworkModule.kt:8)
       at com.tt.authentication.AuthenticationFrameworkModule$providesAuthenticationFramework$3.invoke(AuthenticationFrameworkModule.kt:4)
       at com.tt.authentication.AuthenticationFramework.saveCredentials(AuthenticationFramework.kt:142)
       at com.tt.authentication.AuthenticationFramework.access$saveCredentials(AuthenticationFramework.kt)
       at com.tt.authentication.AuthenticationFramework$startSession$2$1$1$1$1.invokeSuspend(AuthenticationFramework.kt:57)
       at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
       at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:104)
       at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:111)
       at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:99)
       at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt)
       at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:802)
       at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:706)
       at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt)

This is identical to https://github.com/auth0/Auth0.Android/issues/258, https://github.com/auth0/Auth0.Android/issues/330 and https://github.com/auth0/Auth0.Android/issues/540

While the root cause probably is an issue about something not being thread-safe, the biggest issue for me is that the SDK doesn't catch its own exception. I don't think it's acceptable for a third party to crash an app, especially on an error that is not user facing and doesn't result in any problem (here the user stays identified, no issue).

Reproduction

Unclear how to reproduce easily

Additional context

No response

Auth0.Android version

2.10.2

Android version(s)

13

podybman, Jul 19 '24 14:07
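
Added example, not part of the original issue and not code from the Auth0.Android project: one way an app can contain the exception in the stack trace above at the call site, so that a failure inside a coroutine does not propagate as a fatal exception. The retry follows the exception message's own advice ("Please try saving the credentials again"); SaveOutcome, saveCredentialsSafely, TAG and the attempt limit are hypothetical names chosen for this sketch.

```kotlin
import android.util.Log
import com.auth0.android.authentication.storage.CredentialsManagerException
import com.auth0.android.authentication.storage.SecureCredentialsManager
import com.auth0.android.result.Credentials

private const val TAG = "CredentialStore" // hypothetical log tag

// Hypothetical result type for this example; not part of the SDK.
sealed interface SaveOutcome {
    object Saved : SaveOutcome
    data class Failed(val cause: CredentialsManagerException) : SaveOutcome
}

// Hypothetical wrapper: never throws CredentialsManagerException to the caller.
fun saveCredentialsSafely(
    manager: SecureCredentialsManager,
    credentials: Credentials,
    maxAttempts: Int = 2
): SaveOutcome {
    require(maxAttempts >= 1) { "maxAttempts must be at least 1" }
    var last: CredentialsManagerException? = null
    for (attempt in 1..maxAttempts) {
        try {
            manager.saveCredentials(credentials)
            return SaveOutcome.Saved
        } catch (e: CredentialsManagerException) {
            last = e
            // Log the failure only; never log the Credentials object or its tokens.
            Log.w(TAG, "saveCredentials failed (attempt $attempt of $maxAttempts)", e)
            // Retrying cannot help when the device lacks the required key store support.
            if (e.isDeviceIncompatible) break
        }
    }
    // Storage failed: the caller decides whether to keep the in-memory session
    // or to send the user through login again on the next app start.
    return SaveOutcome.Failed(last!!)
}
```

Called from the coroutine that currently invokes saveCredentials directly, the wrapper turns the crash into a value the app can branch on.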