Webauthenticator on android still has incorrect behaviour described in #22296 #26929
Labels
area-essentials
Essentials: Device, Display, Connectivity, Secure Storage, Sensors, App Info
essentials-webauth
platform/android 🤖
t/bug
Something isn't working
Milestone
Description
We are experiencing the same/similar issue described in #22296 where only on android builds of our app, when using WebAuthenticator to complete a successful authentication flow that redirects to a custom URL scheme like myapp://callback, the chrome window used for authentication will send a second, spurious call to to the authentication endpoint immediately after redirecting back to our app.
In our case this additional call silently fails as the first, successful auth request clears some intermediate cookies used during authentication when it completes. This does not directly affect the our app, however we have had to add additional code to our authentication endpoint to suppress the errors generated by the extra HTTP calls.
Steps to Reproduce
Create new MAUI application containing an authentication flow as described in WebAuthenticator as defined in https://learn.microsoft.com/en-us/dotnet/maui/platform-integration/communication/authentication?view=net-maui-9.0&tabs=android that connects to a mobile auth controller that uses a custom callback scheme to return control to the app via redirect.
Expected result; after successful authentication the browser window redirects back to the app via custom URL scheme and the browser cleanly exits
Actual result; on android specifically, after successful authentication the browser window does redirect back to the app via custom URL scheme, however the browser will then re-send another authentication attempt.
Link to public reproduction project repository
No response
Version with bug
9.0.0 GA
Is this a regression from previous behavior?
Not sure, did not test other versions
Last version that worked well
No response
Affected platforms
Android
Affected platform versions
Android 13
Did you find any workaround?
The issue can be worked around by catching the extra HTTP requests and discarding them.
Relevant log output
The text was updated successfully, but these errors were encountered: