Custom sign-in by MFA will lost connect when app is in background

Question

Custom sign-in by MFA will lost connect when app is in background

Opened this issue 3 years ago · 4 comments

Describe the bug?

step1: input right user account
step2: click push MFA
step3: bring app into background and switch to Okta verify app wait 5 seconds and click approval.
step4: switch back to this Custom sign-in by MFA app.
step5: popup error: "Connection error (The network connection was lost.)"

What is expected to happen?

Should pass MFA auth after user finished approval action

What is the actual behavior?

popup error: "Connection error (The network connection was lost.)"

Reproduction Steps?

Wait more than 5 seconds before click Okta MFA approval

Additional Information?

No response

SDK Version(s)

pod 'OktaOidc', '3.11.0 '
pod 'OktaAuthSdk', '2.4.3'

Build Information

No response

Answer 1 · 2022-05-16T15:12:46.000Z

Thank you for bringing this to our attention @johnkxiong. Are you able to see which API call is being made which is reporting the connection time-out? And are you able to continue the authentication flow, or is authentication aborted at that point?

Answer 2 · 2022-05-17T01:39:23.000Z

HI @mikenachbaur-okta thx for your reply!!!!

Are you able to see which API call is being made which is reporting the connection time-out?

This issue only appear in real device, So I can not make sure the api. But this error will 100% happen when you bring app into background more than 5 seconds during your approval action.

And are you able to continue the authentication flow, or is authentication aborted at that point?

Yep, you can continue re-push MFA, and if you bring app into frontend quickly, that authentication flow will successful.

Currently our solution is re-trigger the authentication flow in MFAPushFactorHandler.swift when there is a connection lost error:

private func verifyPushFactor(factor: OktaFactorPush, statusCache: OktaAuthStatus, with delay: TimeInterval = 5) {
        let timer = Timer(timeInterval: delay, repeats: false) { _ in
            factor.checkFactorResult(onStatusChange: { [weak self] status in
                self?.handlePushFactorResponse(status: status)
            }, onError: { [weak self] error in
                switch error {
                case OktaError.connectionError(_):
                    // if connection lost times 'connectionLostCnt' > 1 throw error
                    // else retry get api response from Okta
                    guard (self?.connectionLostCnt ?? 0) > 1 else {
                        self?.connectionLostCnt += 1
                        self?.handlePushFactorResponse(status: statusCache)
                        return
                    }
                    self?.connectionLostCnt = 0
                    self?.delegate?.onError(error: error)
                default:
                    self?.delegate?.onError(error: error)
                }
            })
        }
       self.startPollTimer(timer: timer)
}

Kindly help suggest how to do the best practices for this issue 🙏

Answer 3 · 2022-05-17T04:28:42.000Z

Thank you for the detailed response. I'll try that out on my test device, and I'll try to reproduce your issue to narrow it down.

Unfortunately I'm going on PTO, and won't be able to look into this right away, but I'll get back to you as soon as I can.

If you are able to supply a full test app that can reproduce this problem, it would make diagnosing the issue quicker, but I'll certainly do my best regardless.

Answer 4 · 2022-05-17T08:09:42.000Z

Hi @mikenachbaur-okta,
Our test app is this official demo project. And we are using push MFA feature.

Below is the video for this issue.
https://user-images.githubusercontent.com/87851632/168761639-d7b2ac91-943b-4be0-a212-bdf9eb3c9658.MP4

Hi @paulhchTW, thx for your video help!!!