Performing notifyLogin
request can include previous keychain sig
in request body.
#85
Open
2 tasks done
Labels
bug
Something isn't working
Checklist
Description
When logging in we perform a
accounts.notifyLogin
passing theUIDSig
UIDSignature
+UIDTimestamp
we get from our account service.This works fine for a fresh app install when there is no
GigyaSession
persisted to keychain.If for whatever reason a Keychain is not cleared but we attempt to login again, a subsequent
accounts.notifyLogin
will pass thesig
; resulting in the following response:Repeating the same request omitting the
sig
will correctly return a 200 response with oursessionInfo
required for persisting newGigyaSession
.We don't have the ability to remove keychain without performing
gigya.logout
which subsequently callsremoveFromKeychain
.This means that we must perform a
gigya.logout
prior to anyaccounts.notifyLogin
requests to ensure no previous keychains session data is passed.Reproduction
GigyaSession
to gigya sdkgigya.setSession(.init(sessionToken: "bad", secret: "bad"))
accounts.notifyLogin
with newUID
Additional context
No response
SDK version
1.6.3
The text was updated successfully, but these errors were encountered: