♻️ Cached refresh tokens are not backed up #1118

matt-goldman-ssw opened this issue Nov 18, 2024 · 0 comments
@matt-goldman-ssw
Contributor

Cc: @adamcogan @sethdaily @zacharykeeping

Hi @AntPolkanov

Pain

Adam has mentioned a few times that when he opens SSW Rewards after a long time, he can't log in automatically.

As per our conversation, I suspect this may be related to the app getting offloaded due to inactivity. When an app is offloaded by the OS, its state is backed up first, but by default Secure Storage is not included in backups.

We should investigate this to see whether it can resolve the issue.

You also mentioned that previously we had explicitly excluded refresh tokens from backup as they would be expired by the time the app was restored. We should try to mitigate this though.

Related to that last point, we also have a small bug here:

We call `SignInAsync` when the refresh fails; however, `SignInAsync` has `prompt=login` hardcoded. When calling this from the refresh method, we should try `prompt=none` first to attempt to authenticate silently. With this hardcoded, it will always prompt the user for credentials, even if they have a valid session.

What code could be improved?

We should ensure the refresh tokens are restored when an app is rehydrated after offloading. We should also ensure the app attempts to silently authenticate prior to prompting the user for credentials.

Tasks

  • Investigate backup of secure storage
  • Investigate offloading/rehydration and secure storage backups
  • Refactor the signin method to allow passing a flag to indicate whether silent authentication should be attempted first

Acceptance Criteria

More Information

You may also still need to investigate refresh token lifetime.

Screenshots

Thanks!
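
Added example, not part of the issue and not SSW Rewards code: a sketch of the refresh path trying `prompt=none` before falling back to `prompt=login`. `AuthFlow`, `AuthResult`, the two delegate hooks and the `trySilentFirst` parameter name are hypothetical; the error codes are the ones OpenID Connect Core defines for a `prompt=none` request that would need user interaction.

```csharp
using System;
using System.Threading.Tasks;

// Hypothetical result type; Error carries the OIDC error code, if any.
public sealed record AuthResult(bool Success, string? Error = null);

public sealed class AuthFlow
{
    // Hypothetical hooks: _refresh redeems a refresh token, _authorize runs the
    // authorization request with the given prompt value.
    private readonly Func<string, Task<AuthResult>> _refresh, _authorize;
    public AuthFlow(Func<string, Task<AuthResult>> refresh, Func<string, Task<AuthResult>> authorize)
        => (_refresh, _authorize) = (refresh, authorize);

    public async Task<AuthResult> RefreshAsync(string? cachedRefreshToken)
    {
        // The token may be missing after a restore that skipped secure storage.
        if (!string.IsNullOrEmpty(cachedRefreshToken))
        {
            var refreshed = await _refresh(cachedRefreshToken);
            if (refreshed.Success) return refreshed;
        }
        return await SignInAsync(trySilentFirst: true);
    }

    // trySilentFirst is the flag proposed in the task list (name assumed).
    public async Task<AuthResult> SignInAsync(bool trySilentFirst = false)
    {
        if (trySilentFirst)
        {
            var silent = await _authorize("none");
            // Only an "interaction needed" error justifies showing the login UI;
            // other failures (e.g. network) are returned to the caller.
            if (silent.Success || !NeedsInteraction(silent.Error)) return silent;
        }
        return await _authorize("login");
    }

    // Error codes OpenID Connect Core defines for prompt=none.
    private static bool NeedsInteraction(string? error) => error is "login_required"
        or "interaction_required" or "consent_required" or "account_selection_required";
}

public static class Demo
{
    public static async Task Main()
    {
        // Constructed stubs: refresh token rejected, provider session still valid.
        var flow = new AuthFlow(
            _ => Task.FromResult(new AuthResult(false, "invalid_grant")),
            prompt => Task.FromResult(new AuthResult(prompt == "none")));
        Console.WriteLine((await flow.RefreshAsync("stale-token")).Success);
    }
}
```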
