Skip to content

Fix: Handle configuration changes correctly to prevent memory leak #846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
utkrishtsahu wants to merge 1 commit into from
Closed

Fix: Handle configuration changes correctly to prevent memory leak #846

utkrishtsahu wants to merge 1 commit into from

Conversation

@utkrishtsahu
Copy link
Contributor

@utkrishtsahu utkrishtsahu commented Jul 15, 2025
edited
Loading

Description

This PR fixes bug where a configuration change (e.g., device rotation) during the web authentication flow would cause a memory leak and crash the application.

The WebAuthProvider was holding a direct reference to the callback from the Activity or Fragment that started the login. When the device was rotated, the original Activity/Fragment was destroyed, but the SDK still held onto the stale reference. When the login result returned, it was sent to this destroyed context, causing an IllegalStateException and preventing the new, active UI from receiving the result.

Changes

The WebAuthProvider.java now maintains a static list of active callbacks. This list survives configuration changes, ensuring it can always deliver a pending result to a valid listener.

The DatabaseLoginFragment is updated to correctly manage its lifecycle. It registers itself as a listener in onStart() by calling WebAuthProvider.addCallback(this) and unregisters in onStop() with WebAuthProvider.removeCallback(this).

References

#835

Testing

All existing Unit tests are passed

Checklist

@utkrishtsahu utkrishtsahu requested a review from a team as a code owner July 15, 2025 04:46
@utkrishtsahu utkrishtsahu requested review from pmathew92 and removed request for pmathew92 July 15, 2025 05:12
pmathew92
pmathew92 reviewed Jul 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/provider/WebAuthProvider.kt
ctOptions = options
return this
}

Copy link
Contributor

@pmathew92 pmathew92 Jul 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't remove the extra lines between methods

pmathew92
pmathew92 reviewed Jul 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/provider/WebAuthProvider.kt
}

internal fun onRestoreInstanceState(bundle: Bundle) {
if (managerInstance == null) {
Copy link
Contributor

@pmathew92 pmathew92 Jul 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this check required now?

@pmathew92
Copy link
Contributor

pmathew92 commented Jul 15, 2025

Code formatting has been distorted. Please fix them
Add tests for the new changes added

@francescocervone
Copy link

francescocervone commented Jul 21, 2025

Hi.
I am the author of the mentioned issue.

How does this change fix the issue?
In both the start and await cases, login and logout.

If the listener passed to the start method is coming from the caller Activity and a configuration change happens, we are basically storing a reference to the destroyed Activity in a global variable (because the WebAuthProvider is a Kotlin object).

So, when the result comes from the browser, it is dispatched to the destroyed Activity.

Could you please explain how this works?

Thanks!

@pmathew92
Copy link
Contributor

pmathew92 commented Jul 21, 2025
edited
Loading

Hi @francescocervone , This PR was created with the intention of being a temporary fix for the memory leak issue while we migrate to the recommended approach in the next major release, but as you mentioned we won't be able to handle all the scenarios with this method . We will be closing this

@pmathew92 pmathew92 closed this Jul 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmathew92 pmathew92 pmathew92 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@utkrishtsahu @pmathew92 @francescocervone