Hey there again!
I found out that you’re also already working on that with Amin Abbaspour. Not sure where you stopped but basically what I can see from our internal engineering ticket:
This is expected behavior. To reproduce using the Auth0 Android sample app:
- Launch app and login with the WebAuthProvider (don’t logout)
- Quit and uninstall Login sample app in the emulator
- Re-install/run the sample app
- Click login - no redirect to login with credentials, instead shows session still valid
Because web authentication is being used, the user’s session cookie is managed by the browser. Calling WebAuthProvider.logout() will redirect to the Auth0 logout page, and clear the session cookie. Uninstalling the app without logging out won’t/can’t clear the browser’s session cookie. So upon reinstalling the app and attempting to login, the browser’s session cookie will identify the user as authenticated, and they will not be directed to login with their credentials.
A way to verify this behavior is to do one of two things between steps 2) and 3) above:
- Clear the browser’s cookies; notice that then on app re-install/login the user will be required to authenticate
- Call the WebAuthProvider.logout() method prior to calling login()
If either of those is done, you can observe the user will be asked to authenticate after reinstalling the application.
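The second check above (logout before login), sketched as an added example that is not part of the original post or of the Auth0 sample app. It assumes the Auth0.Android v2 callback API and a `demo` callback scheme; the function name, preferences file and flag name are hypothetical.

```kotlin
import android.content.Context
import com.auth0.android.Auth0
import com.auth0.android.authentication.AuthenticationException
import com.auth0.android.callback.Callback
import com.auth0.android.provider.WebAuthProvider
import com.auth0.android.result.Credentials

private const val PREFS = "auth_state"         // hypothetical preferences file
private const val KEY_SEEN = "has_run_before"  // hypothetical flag; app data is erased on uninstall
private const val SCHEME = "demo"              // assumption: scheme registered for the callback URL

// On the first login after an install, clear the browser-held Auth0 session
// before starting the login flow, so a leftover cookie cannot skip the prompt.
fun loginClearingStaleSession(
    context: Context,                          // an Activity context, as the SDK needs one
    account: Auth0,
    onCredentials: (Credentials) -> Unit,
    onError: (AuthenticationException) -> Unit
) {
    val prefs = context.getSharedPreferences(PREFS, Context.MODE_PRIVATE)

    val startLogin = {
        WebAuthProvider.login(account)
            .withScheme(SCHEME)
            .start(context, object : Callback<Credentials, AuthenticationException> {
                override fun onSuccess(result: Credentials) = onCredentials(result)
                override fun onFailure(error: AuthenticationException) = onError(error)
            })
    }

    if (prefs.getBoolean(KEY_SEEN, false)) {
        startLogin()                           // not a fresh install: normal flow
        return
    }

    // Fresh install: the app has no state, but the browser may still hold the cookie.
    WebAuthProvider.logout(account)
        .withScheme(SCHEME)
        .start(context, object : Callback<Void?, AuthenticationException> {
            override fun onSuccess(result: Void?) {
                prefs.edit().putBoolean(KEY_SEEN, true).apply()
                startLogin()
            }
            override fun onFailure(error: AuthenticationException) = onError(error)
        })
}
```

If Android backup restores the preferences file on reinstall, the flag survives and the logout step is skipped, so exclude that file from backup when relying on this check.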