magic-js
magic-js copied to clipboard
magiclabs
OAuth is not persisted after app restart
✅ Prerequisites
- [x] Did you perform a cursory search of open issues? Is this bug already reported elsewhere?
- [x] Are you running the latest SDK version?
- [x] Are you reporting to the correct repository (
magic-sdk)?
🐛 Description
m.user.isLoggedIn() returns false after successful social log in (Google in my case) and app restart.
🧩 Steps to Reproduce
- Log in using
m.oauth.loginWithPopup({ provider: 'google', redirectURI: REDIRECT_URI }) - Restart the app
- Call
m.user.isLoggedIn()
🤔 Expected behavior
m.user.isLoggedIn() returns true
😮 Actual behavior
m.user.isLoggedIn() returns false
🌎 Environment
| Software | Version(s) |
|---|---|
magic-sdk |
8.1.0 |
| Browser | |
yarn |
1.22.10 |
| Operating System | macOS 12.1, iPhone simulator with iOS 15.2 |
Some follow-up to this ticket. This issue happens only on iOS devices, where our auth relayer storage gets partitioned and made ephemeral by Apple Webkit ITP. We'll investigate for a better solution, but very unlikely in a short term.
Is there any update here? This creates a pretty bad experience for our iOS users.
I wanted to follow up here. I see this happening on Google Chrome as well.
@pkayfire The fix to the current issue is planned for the first half of Q4. I'll comment in this thread if there's any update
Please let me know if this is a blocker for you and if you're releasing your app anytime soon.
Thanks for the response. Our app is currently live and we're paying for a Magic Plus Auth subscription. The paid subscription doesn't deliver any value though if we can't have authenticated routes due to this issue. Is there any way you can fast track the fix? @Ethella
Thanks for the feedback. I'll have to relay this back to the team to see if we are able to accommodate your request. I'll get back to you shortly.
Thank you! I am seeing this issue on Safari and Chrome if it helps make the request more urgent to the team.
@Ethella Will the fix be available for non-expo apps?
Yes, the fix will be available across all platforms / frameworks
Thank you! I am seeing this issue on Safari and Chrome if it helps make the request more urgent to the team.
Sorry for the late reply. The first half in Q4 is the best we can do, as we have quite a few major updates coming up. Thank you for your patience. 🙏
Got it -- thanks for letting us know. Will watch for updates on this issue. Thanks!
Hi I just wanted to follow up here to see if your team is on track to release a fix for this issue in the first half of Q4. Thanks!
Just wanted to follow up again, since the first half of Q4 is ending in 7 days.
We are Magic Auth Plus users and will most likely have to cancel our subscription if this isn't fixed in a timely manner. Thanks
@pkayfire Our Mobile team is actively working on this and we are still on track to have this resolved by the end of Q4. We will update this issue thread when there is more to share.
It's very misleading for your team to promise a fix by the first half of Q4 and now say it's going to take an additional 2 months.
Your product is an authentication toolkit, yet you can't keep your customers' users authenticated and it's been broken for almost 9 months? I'm sorry, but that's unacceptable as a venture-backed startup.
Hey @pkayfire, I apologize for the misinformation. As promised, we aim to have this problem resolved by the end of this week. The PR is under review, and it's been our top priority. I'll notify you once it's been released to prod. Thank you for your patience!
Hey, @pkayfire. Another update to this ticket, the fix we raised requires a security enhancement which will push back the expected release day to the following Monday. I'll keep you informed and keep updating the status in the thread. 🙏
Got it — thanks!
On Thu, Nov 10, 2022 at 11:35 AM Jerry Liu @.***> wrote:
Hey, @pkayfire https://github.com/pkayfire. Another update to this ticket, the fix we raised requires a security enhancement which will push back the expected release day to the following Monday. I'll keep you informed and keep updating the status in the thread. 🙏
— Reply to this email directly, view it on GitHub https://github.com/magiclabs/magic-js/issues/279#issuecomment-1310802189, or unsubscribe https://github.com/notifications/unsubscribe-auth/AATINSJOVLFO7HWHNBAI253WHVE65ANCNFSM5OACEEXA . You are receiving this because you were mentioned.Message ID: @.***>
-- Sent from Gmail Mobile
Hey @Ethella, I also wanted to confirm whether this fix would affect Chrome Desktop as well? We've been seeing a similar problem on both Mobile Safari + Chrome Desktop. I sent over our Magic auth integration code earlier today to confirm it's not an issue on our end.
My gut feeling is, they are different problems because we don't receive issues reported from customers who are on a Chrome Desktop. I'll make sure the OAuth session persistence issue for mobile is completely out of your way first, and then I'll take a deeper look at the desktop problems.
Hey. There are messages above that people got the same issue on Web. I also see the same in Google Chrome.
Please, take a look on this.
The issue in Chrome is 100% the same. After reload - user.isLoggedIn() returns false, so the session is not persisted.
This happens only if you use social login (I've tried with google auth)
A fix has been rolled out. I can confirm the OAuth session persistence issue has been resolved. Please give it a try and let us know how it looks.
@mikeavvad For Chrome desktop, please give it a try again and let us know if the issue still persists. Feel free to start a new issue and post your findings in it.
@pkayfire No need to update the NPM packages. If you are still seeing this issue, restart the app, and it should be good.
got it -- thanks for letting me know. We'll report back if we still encounter the issue.