Logout > Login sometimes restores previous credentials

[tristan-warner-smith]

Describe the bug
After calling the log out API and subsequently attempting to log in again with a different email address, we're being logged in with the previous credentials not the ones entered.

To Reproduce
In code terms we're calling:

try await magic.user.getIdToken().async() // which throws
try await magic.auth.loginWithEmailOTP(.init(email: "firstEmail@test.com")).async()
// Then we log out
try await magic.user.logout().async()
// Then we go to log in with a different email address but
try await magic.user.getIdToken().async() // returns the previous token
// Which means they're logged in but with the previous email

Steps to reproduce the behavior:

• As above

Expected behavior
Once you've called the logOut() method, subsequent calls to getIdToken will throw.

Environment

• Package Version: 10.0.0
• Xcode Version: 15.2, 15.3 beta
• Swift Version: 5.9, 5.10
• Simulator / Device OS: * Simulator + Device (iOS 17.2.1, iOS 17.4)

Additional context
Log out is an unusual operation in our app but this issue is subjectively reproducible 15-25% of the time in our testing.

[Ariflo]

Hi Tristan, Thank you for bringing this to our attention. We are in the middle of triaging it and will address the issue shortly!

[Ariflo]

@tristan-warner-smith quick update, both issues you've brought up will be addressed before the end of next week. Thank you for your patience.

[tristan-warner-smith]

Thanks @Ariflo, this one is disproportionately affecting our development process as we regularly have to change accounts and we're regularly ending up with the wrong state.

[tristan-warner-smith]

@tristan-warner-smith quick update, both issues you've brought up will be addressed before the end of next week. Thank you for your patience.

Hey @Ariflo, I'm guessing the credential caching-issue turned out to be trickier than expected. Are they still on track for a release this week?

[Ariflo]

@tristan-warner-smith yes, apologies for the delay. We're working on getting this fix up and out asap!

[tristan-warner-smith]

Hey @Ariflo it looks like this is an issue on our side with our interpretation of how.async() can be used in the sdk.

On the surface it looked like it took a promise-bearing method and made it async + throwing, whereas in fact the completion-closure sdk methods almost all return a response type and the async method doesn't unwrap the response and throw an error.

We've changed our use of the sdk to be for example:
try await magic.user.getIdToken().async which would never throw to

func getIdToken() async throws -> String? {
        try await withCheckedThrowingContinuation { continuation in
            magic.user.getIdToken { response in
                if let error = response.error {
                    continuation.resume(throwing: error)
                } else {
                    continuation.resume(returning: response.result)
                }
            }
        }
    }

Changing all our sdk use to follow this pattern seems to have fixed the caching issue we were seeing.

[Ariflo]

@tristan-warner-smith we're glad to hear you were able to resolve your caching issues. We're working on getting our iOS SDKs and demo apps up-to-date with the latest versions of Swift. We'll make sure to note this down on the README to avoid further confusion. Thanks!

[tristan-warner-smith]

@Ariflo unfortunately I spoke too soon, can you reopen this issue?
The behaviour we're seeing is that the logout call returns success, we see it in the response returned but the subsequent call to user.getIdToken returns a token, not nil like it should.

[tristan-warner-smith]

@Ariflo I spent some time looking at the iOS code that's visible and, although I can't see the full javascript or the loaded webpage and can only guess what is causing this caching behaviour. I wonder if you've explored clearing WKWebsiteDataStore or HTTPCookieStorage.shared.

As I mentioned this is significantly impacting our development and sign-off processes so anything we can do to help / speed the resolution up, let me know.