Community
Select to view content in your preferred language

iOS: credentials persist after app uninstall

144
1
Jump to solution
3 weeks ago
Labels (1)
Labels
EgorFedorov
by
Occasional Contributor
3 weeks ago

I've moved to 200.7 some time ago and applied credentials persistence (I am using OAuth for AGOL sign in). My code is just 1 line in `main.dart` right before `runApp()` call:

 

ArcGISEnvironment.authenticationManager.arcGISCredentialStore = await ArcGISCredentialStore.initPersistentStore();


I see some unexpected behaviour on iOS related to this. Here are the steps.

  1. Open app, load some data requiring authentication (say, secure feature layer)
  2. You will be asked for credentials. Data is loaded correctly.
  3. Uninstall app and install it again
  4. Load the same data. App does not prompt OAuth window, but instead just loads feature layer.

Is it intended? Maybe, I'm doing something wrong? But I don't see any parameters to control this: I don't save credentials in iCloud, for example.


Android, in turn, works as expected: it does not ask for credentials again after app restarts, but does - when app is removed and installed again.


My testing devices are iPhone 15 simulator w/ iOS 17.2 and iPhone 16 simulator w/ iOS 18.4

0 Kudos
1 Solution

Accepted Solutions
Kevin_Mueller
by Esri Contributor
Esri Contributor
3 weeks ago

Hello Egor,

On iOS, the Flutter SDK uses the Keychain to store credentials. According to this post , the Keychain entries for an app are not removed when the app is uninstalled. This means that when the app is reinstalled, any credentials stored from the previous installation will be accessible to the new installation. Unless the credential tokens are revoked before the app is deleted, the tokens will persist between app uninstall and reinstall cycles.

You can use the following code to revoke a tokens for an app: 

    await Future.wait(

      ArcGISEnvironment.authenticationManager.arcGISCredentialStore

          .getCredentials()

          .whereType<OAuthUserCredential>()

          .map((credential) => credential.revokeToken()),

    );

    ArcGISEnvironment.authenticationManager.arcGISCredentialStore.removeAll();

 

View solution in original post

0 Kudos
1 Reply
Kevin_Mueller
by Esri Contributor
Esri Contributor
3 weeks ago

Hello Egor,

On iOS, the Flutter SDK uses the Keychain to store credentials. According to this post , the Keychain entries for an app are not removed when the app is uninstalled. This means that when the app is reinstalled, any credentials stored from the previous installation will be accessible to the new installation. Unless the credential tokens are revoked before the app is deleted, the tokens will persist between app uninstall and reinstall cycles.

You can use the following code to revoke a tokens for an app: 

    await Future.wait(

      ArcGISEnvironment.authenticationManager.arcGISCredentialStore

          .getCredentials()

          .whereType<OAuthUserCredential>()

          .map((credential) => credential.revokeToken()),

    );

    ArcGISEnvironment.authenticationManager.arcGISCredentialStore.removeAll();

 

0 Kudos