Configuration is cached between authorize calls #332
Comments
|
@mklekowski I think it better if there is an option to config cache or not? Do you know how to hotfix to bypass this issue? Should I revert to v4.3.1? |
|
@tuananhluong I do not know very well the code, but as far as I understand this line (https://github.com/FormidableLabs/react-native-app-auth/blob/master/android/src/main/java/com/rnappauth/RNAppAuthModule.java#L168) should look different. It should check if the prefetched configuration didn't changed (probably the simples way is to cache configuration by the issuer or just check if the issure is different). In my project I reverted to 4.3.1. I hope that authors of this project know how to fix it more than I, but maybe on the weekend I'll try to figure out how to fix it. |
I reverted to 4.3.1 too, thanks you. |
From https://github.com/openid/AppAuth-Android/releases Minor bug fixes: - Synchronizes multiple actions when requiring token refresh (FormidableLabs#332) - Make handling of non-standard expires_at more tolerant (FormidableLabs#336) - Changes related to Android tool changes between v25 and v27 (FormidableLabs#341, FormidableLabs#363) - Fix encoding of client ids and secrets for auth (FormidableLabs#345) - Handle CustomTabsSession.newSession failures (FormidableLabs#362) - Do not automatically pass scope on token exchange request (FormidableLabs#364) - Do not override tab title setting (FormidableLabs#365) - Respect default browser of the user correctly (FormidableLabs#379) - Updated custom tab definitions, including Firefox (FormidableLabs#378, FormidableLabs#383)
|
Hi, i have the same problem but i use the same issuer in requests. The idea is pass by propertie additionalParameters the email for the user login in the SSO plataform. Steps to reproduce: call authorize with email X Exist one method to clean the cokkies resulting of authorize. I use the version v4.3.1 |
Are you asking if such a method exists or stating that such a method exists? Because many are having this same problem; if you know of a good method for removing the session cookies to permit multi-user login, it would be very beneficial. |
|
Hi @mklekowski - thanks for reporting the issue. To be clear - are you using the prefetching functionality, or is it happening just when calling |
|
Just when calling authorize with different config. |
|
Having similar issues with iOS when authorizing against Microsoft AD. Cookies being stored and even after app deletion and re-install credentials are cached in the WebView. Currently only solution is to use display_prompt on additional parameters and require user to manually remove themselves. |
|
Same here. We have the ability to switch backend environments in our app, but this bug makes it impossible to sign-in again under a new |
|
I noticed the same thing when using multiple authentication providers. The issue seems to happen in the following scenarios when switching between providers:
The issues doesn't happen:
I've made an example here https://github.com/aeirola/react-native-app-auth/tree/multiple-providers-example/Example |
|
With the example it was actually quite easy to fix the issue, so I made a PR at #470 |
|
This is still an issue on the current version: For me, the fix is in the config that is passed to any of the functions, if you use |
Issue
When calling authorize method with different configuration, on the second time the configuration is taken from the first call - it is cached after first call.
The problem exist in version v4.4.0, but not in v4.3.1. I believe that the issue was introduced in this commit:
44a47c5
The mServiceConfiguration is taken instead of serviceConfiguration, which is ok for the first time or for using prefetching, and the field is not cleared when closing the chrome tab.
Steps to reproduce:
Result: tab is opened with issuer X
Expected result: tab is opened with issuer Y
Environment
my ownAndroidnoThe text was updated successfully, but these errors were encountered: