AppAuth-Android icon indicating copy to clipboard operation
AppAuth-Android copied to clipboard
verified publisher icon openid

appauth still keep authorized state when delete app -> install again

Open fukemy opened this issue 4 years ago • 3 comments

Configuration

  • Version: newest
  • Integration: java + kotlin
  • Identity provider: my custom provider

hi, i tested then got this issues, first time i delete app when login successful, then press build from Android Studio, then after checked i still see authState is still authorized:

 if (mStateManager.current.isAuthorized){
            val i = Intent(this@SplashScreen, HomeScreen::class.java)
            i.putExtras(intent)
            startActivity(i) -> still run into here
        }else{
            Log.e(TAG, "fallback to login because : ${mStateManager.current} - " +
                    "${mStateManager.current.authorizationException} -  " +
                    "${mStateManager.current.accessToken} -  " +
                    "${mStateManager.current.idToken}")
            startActivity(Intent(this@SplashScreen, LoginScreen::class.java))
        }

Can u provide me some ways to prevent it?

fukemy avatar Sep 01 '21 13:09 fukemy

Depends on what you mean by "it". The app's still authorized because the login process happens via Custom Tabs which shares cookies with your browser. You could add prompt:login to always ask the user to relog, or lower the cookie expiry but it really depends on your product's requirements.

agologan avatar Sep 01 '21 13:09 agologan

Hi, thanks you for fast response, i just tested with signout first, then delete app, then when press run button from Android studio again, i still got current issues

When logout success, i closed app then open again, then got auth state were cleared:

2021-09-01 20:48:09.652 25678-25678/com.civix.link E/SplashScreen: fallback to login because : net.openid.appauth.AuthState@8142dbe - null -  null -  null

here is code to logout:

val currentState: AuthState = mStateManager.current
        Log.e(TAG, "signout : ${currentState.accessToken} - ${currentState.authorizationException}")
        val clearedState = AuthState(currentState.authorizationServiceConfiguration!!)
        if (currentState.lastRegistrationResponse != null) {
            clearedState.update(currentState.lastRegistrationResponse)
        }
        mStateManager.replace(clearedState)

I dont know why the authstate restored when i install app again

fukemy avatar Sep 01 '21 13:09 fukemy

I don't understand what authstate restored means to you application logic. Or how your login process look like. As explained before you need to be explicit in defining your problem.

agologan avatar Sep 01 '21 14:09 agologan