Login process gets interrupted when using the home button to switch apps

[Ohems]

ISSUE CASE 1
Case 2 here

General info

In our React Native project, we use the the react-native-app-auth version 6.0.2. We begin the authorization process with something like the following:

reactNativeAuthorize({
  issuer: BASE_API_URL,
  clientId: "our-client-id",
  redirectUrl: "ourapp://callback",
  scopes: ["offline", "openid", "create:payments", "read:accounts"]
});

This opens a login flow in browser. As a part of the login flow, the user will be redirected to the login page of their chosen bank account. Most banks nowadays require the use of a separate login app which means that in order to complete the login flow the user must leave our application, open the separate login app, enter their PIN code or use finger print recognition and navigate back to our application.

The flow works well on iPhone. It usually works well on Android, but we have noticed two cases where the login process repeatedly fails with a consistent outcome when following certain steps.

Case 1

When the user navigates to the login app by using the Android home key instead of the app switcher key, this causes the login flow to get canceled. When returning back to the application, the user is faced with a login cancelation popup.

We are wondering if this is something inherent to Android that we should just communicate better to our users (effectively tell them not to use the home button during login) or if this could be fixed either to this library or to our login process.

[agologan]

You are not the first dev describing something similar #480 . Unfortunately it's not something we can replicate.
Is there a particular OS vendor, launcher combo giving you this issue or is it consistent across the board?

On Android when backgrounding an app the activity may be destroyed but in testing this state restoration works fine.
The app resources are only collected if you're lacking available memory so switching to a 2FA app and back shouldn't trigger this behavior (unless you've enabled a developer flag that doesn't keep your activities)

If this is not your case then the only other explanation is around how your app operates.
Quickly looking at the reactive native module there doesn't seem any issue with the implementation.
At most you should see a browser refresh when coming back if any.

Also please note you'll need to update the lib version inside the reactive native module uses to something closer to top of tree via https://jitpack.io/#openid/AppAuth-Android to make it work on the latest OS versions.

[Ohems]

Thanks for the comprehensive reply! The issue seems to be consistent across the board, I'm currently trying to get a list of devices and launchers, but getting this information from users or from our limited pool of production capable testers is difficult. Replicating the issue requires an actual production account and personal bank accounts. So far I only know that this happens on one device with OnePlus 7 Pro, Android 10, Nova launcher.

We have now confirmed that we've been using the latest 0.7.1 version of the AppAuth-Android library.

[agologan]

Unfortunately 0.7.1 "is not the latest" and there are have been some changes since then.
The project has been on hiatus for some time and we haven't made a new release since the 2018 release.
Developers who actually integrate AppAuth today use a build closer to the top from https://jitpack.io/#openid/AppAuth-Android until we prepare a new release.

If you can replicate the issue I recommend grabbing a newer version and test if that resolves your use-case.
Also, be aware Android 11 requires change in #613

[Aleksefo]

We investigated the issue on our end, and the issue is not related to Auth library, but android in general: https://issuetracker.google.com/issues/36907463
A related issue for React Native part: FormidableLabs/react-native-app-auth#494

Solution:

AndroidManifest.xml:
android:launchMode="standard"

MainActivity.java

  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    if (!isTaskRoot()) {
      finish();
      return;
    }
  }

The fix works in most of the cases except when the app is opened from an unusual source (Android studio, react-native start, Google play, etc.). In that case, using home screen icon to return to the app will cause extra activity on top of the stack. For that, I recommend closing either the activity or the app completely. After restart, the app is authenticated and everything works.

[agologan]

Took me a while to get back to this and I'm happy I did as I wasn't aware of this issue.
Closing as it seems there is nothing further to discuss at this point in time.