magic-js icon indicating copy to clipboard operation
magic-js copied to clipboard
verified publisher icon magiclabs

OAuth is not persisted after app restart

Open natanfirst opened this issue 6 months ago • 2 comments

✅ Prerequisites

  • [x] Did you perform a cursory search of open issues? Is this bug already reported elsewhere?
  • [x] Are you running the latest SDK version?
  • [x] Are you reporting to the correct repository (magic-sdk)?

🐛 Description

m.user.isLoggedIn() returns false after successful social log in (Google in my case) and app restart.

🧩 Steps to Reproduce

Log in using m.oauth.loginWithPopup({ provider: 'google', redirectURI: REDIRECT_URI }) Restart the app Call m.user.isLoggedIn() Call m.user.getInfo();

🤔 Expected behavior

m.user.isLoggedIn() returns true

😮 Actual behavior

m.user.isLoggedIn() = false [m.user.isLoggedIn() returns false](r: Magic RPC Error: [-32603] Internal error: User denied account access.)

import { OAuthExtension } from '@magic-ext/oauth2';
import { SolanaExtension } from '@magic-ext/solana';
import { Magic } from 'magic-sdk';

const createMagic = () => {
  return typeof window !== 'undefined'
    ? new Magic(process.env.NEXT_PUBLIC_MAGIC_PUBLISHABLE_KEY as string, {
        extensions: [
          new SolanaExtension({
            rpcUrl: 'https://api.mainnet-beta.solana.com',
          }),
          new OAuthExtension(),
        ],
      })
    : null;
};

export const magic = createMagic();

🌎 Environment

Software Version(s)
magic-sdk 29.2.0
Browser Brave - Safari and Chrome
yarn 1.22.22
Operating System MacOS
Framework NextJs

natanfirst avatar Jul 15 '25 23:07 natanfirst

I’m also experiencing user inconvenience due to this issue on mobile devices. In particular, on iOS, if the browser isn’t used for a certain period of time, the Magic login session expires. As a result, users are forced to repeatedly go through the cumbersome OAuth login process every time they access the service on mobile. I hope Magic Labs can address this issue with high priority. 🥲

altmshfkgudtjr avatar Oct 21 '25 06:10 altmshfkgudtjr

Symptoms have become very serious since this update. It's hard because there are too many issue reports from clients.

When will the issue be fixed?

shin101004 avatar Oct 21 '25 06:10 shin101004

Hello @natanfirst, based on your implementation, it looks like you’re using the web flow.

When calling loginWithPopup, you should pass only the provider and omit the redirectURI. This method opens a new window and automatically closes it once the OAuth flow completes. That said, I don’t believe this is the root cause of the issue you’re seeing.

To help investigate further, could you please: • Specify the version of @magic-ext/oauth2 you’re using • Let me know whether you can reproduce the issue with the latest versions of magic-sdk and @magic-ext/oauth2

sherzod-bakhodirov avatar Dec 17 '25 11:12 sherzod-bakhodirov

@altmshfkgudtjr we’re planning to release an improvement to the mobile SDKs soon that specifically targets the session persistence issue you’re encountering.

sherzod-bakhodirov avatar Dec 17 '25 11:12 sherzod-bakhodirov