Handling exception: SDK canceled the auth flow #1819

Closed
slakshmanan-isn opened this issue May 9, 2023 · 2 comments

Describe the bug

Note: This is not a bug in the MSAL SDK. We want to get some guidance/best practices on handling a scenario.

We use the MSAL library for password-less login using a phone number and OTP code sent to the phone. I'm running into a scenario where we see an error.

com.microsoft.identity.client.exception.MsalClientException: Sdk canceled the auth flow as the app launched a new interactive auth request.

Smartphone:

  • Device: Google Pixel 4
  • Android Version: Android 13
  • Browser: Chrome
  • MSAL Version: We were using 2.2.3 and I updated to 4.4.0 as well and noticed the same issue.

Stacktrace
Attached logs:
azure-login-flow.log

To Reproduce
(Generic steps as I can't disclose app details)

  1. User launches the app and starts the login flow
  2. Enter the phone number to receive an OTP code.
  3. Switches to the "Message" app to see the OTP (the app is still running, not visible to the user)
  4. Instead of returning to the running app from recent apps (depending on the Android phone model, this is achieved by a button or swipe up), some users relaunch the app by going to the list of apps and tapping on the app icon.
  5. A new instance of the app (activity) is launched, and the MSAL auth library recognizes there was an ongoing authentication flow earlier and cancels it, and throws an error as it considers launching a new authentication request

com.microsoft.identity.client.exception.MsalClientException: Sdk canceled the auth flow as the app launched a new interactive auth request.

Our initial idea was to catch this exception and restart the auth flow manually, but then this will become a loop where the user repeats the same step.

Is there a way to resume the authentication flow from where it was left in this scenario? Or is there any recommended way of handling the exception thrown?

Additional context

  1. We used the 'SingleTop' launch mode to open the existing activity if it exists, but that didn't help. (SingleInstance didn't help either)
  2. Ideally, this is a user training issue where they should go to recent apps and open the app; however, we can only partially rely on that solution and would like to provide a technical solution if possible.
  3. I initially created a thread in the discussion board to get feedback from the community, but I was asked to post it here to get the right people involved.

Appreciate the support!

negoe (Contributor) commented May 22, 2023

Hi @slakshmanan-isn, thanks for posting it here. We are taking a look into your issue and will get back with a response.

negoe (Contributor) commented Jun 4, 2023

@slakshmanan-isn You can try one of these options based on your convenience. Please note that we have not yet validated or tested each option ourselves. The list is intended to offer you a range of possibilities to consider, and we encourage you to try them out based on your specific needs and preferences.

• Use Custom Tabs or Browser: Instead of relaunching the app, consider using custom tabs or launching a browser to display the OTP code. This way, the app remains in the background, and the authentication flow can continue seamlessly when the user returns to it. OR

• Maintain an auth state variable to detect an ongoing authentication flow in your app. When the app is relaunched, check if there is an existing authentication flow in progress using the state variable status. If so, the dev can either prompt the user to return to the previous instance of the app or display a message informing them that an authentication flow is already in progress. OR

• Store the state of the authentication flow (e.g., phone number, OTP code) in a persistent storage (e.g., SharedPreferences, a local database). When the app is relaunched, retrieve the stored data and resume the authentication flow from where it was left off. Make sure to handle any expired OTP codes or potential security risks associated with storing sensitive information.

Hope that you find a solution that meets your requirements. If you have any further questions, please don't hesitate to ask.

negoe closed this as completed Jun 4, 2023
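The "auth state variable" and "persistent storage" options from the last comment, sketched as an added example (not code from the MSAL SDK, the maintainers or the reporter's app): a guard that persists only the time the interactive flow started, never the phone number or OTP, and expires the marker so a stale one cannot block sign-in. `AuthFlowGuard`, `Store` (a stand-in for SharedPreferences so it runs off-device), the key name and the TTL value are all hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

/** Tracks whether an interactive sign-in is already pending. Stores no OTP and no phone number. */
public class AuthFlowGuard {
    /** Hypothetical stand-in for SharedPreferences so the example runs without Android. */
    public interface Store {
        Long getLong(String key);
        void putLong(String key, long value);
        void remove(String key);
    }

    public enum Decision { START_NEW_FLOW, FLOW_ALREADY_PENDING }

    private static final String KEY_STARTED_AT = "auth_flow_started_at"; // hypothetical key name
    private final Store store;
    private final long ttlMillis; // assumption: chosen to match the OTP validity window

    public AuthFlowGuard(Store store, long ttlMillis) { this.store = store; this.ttlMillis = ttlMillis; }

    /** Call on activity launch, before issuing a new interactive MSAL request. */
    public Decision onLaunch(long nowMillis) {
        Long startedAt = store.getLong(KEY_STARTED_AT);
        // A marker from the future (clock change) or older than the TTL is treated as stale.
        boolean live = startedAt != null && nowMillis >= startedAt && nowMillis - startedAt < ttlMillis;
        if (live) {
            return Decision.FLOW_ALREADY_PENDING; // skip the second request; send the user back
        }
        store.putLong(KEY_STARTED_AT, nowMillis);
        return Decision.START_NEW_FLOW;
    }

    /** Call from the auth callback's success, error and cancel paths so the marker never lingers. */
    public void onFlowFinished() { store.remove(KEY_STARTED_AT); }

    public static void main(String[] args) {
        Map<String, Long> prefs = new HashMap<>(); // constructed in-memory store
        Store store = new Store() {
            public Long getLong(String k) { return prefs.get(k); }
            public void putLong(String k, long v) { prefs.put(k, v); }
            public void remove(String k) { prefs.remove(k); }
        };
        AuthFlowGuard guard = new AuthFlowGuard(store, 5 * 60_000L);
        System.out.println(guard.onLaunch(1_000L));   // first launch
        System.out.println(guard.onLaunch(61_000L));  // relaunch from the app icon a minute later
        System.out.println(guard.onLaunch(400_000L)); // marker older than the TTL
        guard.onFlowFinished();
        System.out.println(guard.onLaunch(401_000L)); // after the callback cleared the marker
    }
}
```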