issue: auth-client v0.13.x login blocked on iOS
peterpeterparker opened this issue · comments
Describe the bug
Depending of its implementation (see code snippets below), using auth-client v0.13.x
to create an object and login can ends up being blocked on iOS.
The root cause seems to be the same in PR #618. If async call within a function that calls window.open
are performed, Safari seems to interpret the process as a no user interation and therefore blocks the opening of the window. However, in comparison to desktop, on iOS there are no prompt that are displayed and the opening is simply blocked.
What does not work - what works
Following code snippet does not work on iOS - i.e. if bind to a button, the button will have no effect.
const login = async () => {
const authClient = await AuthClient.create();
await authClient.login({
onSuccess: () => console.log('Auth success'),
onError: (err) => console.error('Auth error', err),
identityProvider: `http://ryjl3-tyaaa-aaaaa-aaaba-cai.localhost:8000?#authorize`
});
}
On the contrary, following works out. AuthClient
should be instantiated outside of the function that effectively calls login
:
let authClient;
const init = async () => {
authClient = await AuthClient.create();
};
const login = async () => {
await authClient?.login({
onSuccess: () => console.log('Auth success'),
onError: (err) => console.error('Auth error', err),
identityProvider: `http://ryjl3-tyaaa-aaaaa-aaaba-cai.localhost:8000?#authorize`
});
}
Root cause of the issue
Fundamentally the fact that AuthClient.create()
does not seem to be an issue according my test but, the migration script that migrates the sessions from local storage to indexeddb seems the root cause. More precisely the async call to indexeddb. While debugging, I noticed that commenting out this part solves the issue as well.
Possible solutions (spontaneous ideas only)
- accept limitation and document it
- refactor (move) or remove migration script (local storage -> idb) from
AuthClient.create
(but this won't prevent future issue) - refactor Auth client to avoid async calls during the all flow that should lead to
window.open