MaikuB/flutter_appauth

iOS-FaceID Popup prevents In-App browser from opening

Opened this issue · 0 comments

g-feil commented

Hello, we have come across a pretty rare bug, which I was able to reproduce in this repo: https://github.com/g-feil/flutterappauthbug

We are using flutter_appauth in combination with local_auth for biometric authentification. In a very specific case (which by design should not occur in our app, but it did), the FaceID Popup prevents the correct execution of authorizeAndExchangeCode. This is also shown in the attached video. We are using Ephemeral Session, the error occurs only on iOS.

LoginApp.mov

Reproduction as provided in code:

  1. Authenticate with biometrics using local_auth
  2. Confirm Biometrics (FaceID in our case)
  3. A small popup is seen for a few seconds, then the login page closes. (Tr: "App wants to use ... to sign in")

Why does this happen?
The callback of the local_auth authenticate gets called as soon as the user confirms. However iOS still plays an animation, that shows the confirmation (the face converts into a tick). The flutter code reaches authorizeAndExchangeCode while the animation is playing, and therefore this weird behavior occurs.

We were able to fix this issue by hardcoding a delay of 1.5 seconds, which is not optimal.
I don't think the local_auth package can fix this, because I have read in some forums, that this callback also gets executed early in native, but I'm not a pro in this area. The small popup in Step 3 leads me to think, that this case is interesting for the app_auth package.

Thanks for looking into this!