On some Android devices, the application crashes after passing the authentication procedure

[mishannn]

Issue

On some Android devices, the application crashes after passing the authentication procedure. Works correctly on most devices.

Config:

const { AUTH_CLIENT_ID, AUTH_CLIENT_SECRET, AUTH_REALM, AUTH_URL, AUTH_APP_SCHEME } = Config;

export function getAuthConfig(): AuthConfiguration {
    return {
        issuer: `${AUTH_URL}/realms/${AUTH_REALM}`,
        clientId: AUTH_CLIENT_ID,
        clientSecret: AUTH_CLIENT_SECRET || undefined,
        redirectUrl: `${AUTH_APP_SCHEME}:/callback`,
        scopes: ['openid'],
    };
}

Error:

Caught exception
java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference
 at com.rnappauth.RNAppAuthModule.onActivityResult(RNAppAuthModule.java:398)
 at com.facebook.react.bridge.ReactContext.onActivityResult(ReactContext.java:308)
 at com.facebook.react.ReactInstanceManager.onActivityResult(ReactInstanceManager.java:758)
 at com.facebook.react.ReactDelegate.onActivityResult(ReactDelegate.java:90)
 at com.facebook.react.ReactActivityDelegate.onActivityResult(ReactActivityDelegate.java:112)
 at com.facebook.react.ReactActivity.onActivityResult(ReactActivity.java:68)
 at android.app.Activity.dispatchActivityResult(Activity.java:7454)
 at android.app.ActivityThread.deliverResults(ActivityThread.java:4375)
 at android.app.ActivityThread.handleSendResult(ActivityThread.java:4424)
 at android.app.servertransaction.ActivityResultItem.execute(ActivityResultItem.java:49)
 at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
 at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
 at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1818)
 at android.os.Handler.dispatchMessage(Handler.java:106)
 at android.os.Looper.loop(Looper.java:193)
 at android.app.ActivityThread.main(ActivityThread.java:6762)
 at java.lang.reflect.Method.invoke(Native Method)
 at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

---

Environment

• Your Identity Provider: Keycloak
• Platform that you're experiencing the issue on: Android
• Are you using Expo?: no

[mishannn]

In this case, the skipCodeExchange is null:

if (this.skipCodeExchange) {
    WritableMap map = TokenResponseFactory.authorizationResponseToMap(response);
    if (promise != null) {
        promise.resolve(map);
    }
    return;
}

If you write a check that the skipCodeExchange is not null, then the following exception is thrown:

Caught exception
java.lang.NullPointerException: additionalExchangeParameters cannot be null
	at net.openid.appauth.Preconditions.checkNotNull(Preconditions.java:55)
	at net.openid.appauth.AuthorizationResponse.createTokenExchangeRequest(AuthorizationResponse.java:454)
	at com.rnappauth.RNAppAuthModule.onActivityResult(RNAppAuthModule.java:414)
	at com.facebook.react.bridge.ReactContext.onActivityResult(ReactContext.java:308)
	at com.facebook.react.ReactInstanceManager.onActivityResult(ReactInstanceManager.java:758)
	at com.facebook.react.ReactDelegate.onActivityResult(ReactDelegate.java:90)
	at com.facebook.react.ReactActivityDelegate.onActivityResult(ReactActivityDelegate.java:112)
	at com.facebook.react.ReactActivity.onActivityResult(ReactActivity.java:68)
	at android.app.Activity.dispatchActivityResult(Activity.java:7454)
	at android.app.ActivityThread.deliverResults(ActivityThread.java:4375)
	at android.app.ActivityThread.handleSendResult(ActivityThread.java:4424)
	at android.app.servertransaction.ActivityResultItem.execute(ActivityResultItem.java:49)
	at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
	at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1818)
	at android.os.Handler.dispatchMessage(Handler.java:106)
	at android.os.Looper.loop(Looper.java:193)
	at android.app.ActivityThread.main(ActivityThread.java:6762)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

In this line:

TokenRequest tokenRequest = response.createTokenExchangeRequest(this.additionalParametersMap);

[mishannn]

Perhaps the system closes the application during authentication, and after a redirect, the object is reinitialized with null parameters. It may be worthwhile to store the config in the repository.

[FallenDestiny]

Any updates on this?

[mishannn]

I redid the work with authorization using WebView through my own solution, everything works

[Blad3Danc3R]

I am experiencing the same issue (or at least it looks like the same):

Fatal Exception: java.lang.RuntimeException java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference

Caused by java.lang.NullPointerException Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference com.rnappauth.RNAppAuthModule.onActivityResult (RNAppAuthModule.java:398) com.facebook.react.bridge.ReactContext.onActivityResult (ReactContext.java:308) com.facebook.react.ReactInstanceManager.onActivityResult (ReactInstanceManager.java:758) com.facebook.react.ReactDelegate.onActivityResult (ReactDelegate.java:90) com.facebook.react.ReactActivityDelegate.onActivityResult (ReactActivityDelegate.java:112) com.facebook.react.ReactActivity.onActivityResult (ReactActivity.java:68) android.app.Activity.dispatchActivityResult (Activity.java:7165) android.app.ActivityThread.deliverResults (ActivityThread.java:4998) android.app.ActivityThread.handleSendResult (ActivityThread.java:5045) android.app.ActivityThread.access$1600 (ActivityThread.java:229) android.app.ActivityThread$H.handleMessage (ActivityThread.java:1875) android.os.Handler.dispatchMessage (Handler.java:102) android.os.Looper.loop (Looper.java:148) android.app.ActivityThread.main (ActivityThread.java:7329) java.lang.reflect.Method.invoke (Method.java) com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run (ZygoteInit.java:1230) com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1120)

Does anybody have any information on what might be the cause? The error happens during authentication and it happens only on Android.

[jorolinux]

I am experiencing the same problem. Any updates on this?

Thanks in advance!

[apstone]

I am also seeing this issue. Would love some direction as I would be happy to provide a PR to help fix this.

[jakecurreri]

I've had this issue for several months. Any help would be greatly appreciated.

[bandojulio]

I am with the same issue here. I think one of the Boolean variables should be a boolean type.
I need to prepare my dev env to test this. Appreciate if anyone could try something around this

[bandojulio]

I've tested version 6.4.0 but keep with the same issue

[tdekoning]

We're also seeing this issue on our production app (react-native-app-auth version 6.4.0). Mainly on Huawei (P30 lite, P smart Z, Mate 20 lite, Y6 2019, Honor 10 lite) devices and budget Samsung (A50 and A32) devices

[GrandjeanIo]

We're also seeing the issue. For now only on Honor 8X (Android 10)

react-native: 0.65.1
react-native-app-auth: 6.4.0

Caused by java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference
       at com.rnappauth.RNAppAuthModule.onActivityResult(RNAppAuthModule.java:419)
       at com.facebook.react.bridge.ReactContext.onActivityResult(ReactContext.java:305)
       at com.facebook.react.ReactInstanceManager.onActivityResult(ReactInstanceManager.java:762)
       at com.reactnativenavigation.react.ReactGateway.onActivityResult(ReactGateway.java:61)
       at com.reactnativenavigation.NavigationActivity.onActivityResult(NavigationActivity.java:94)
       at android.app.Activity.dispatchActivityResult(Activity.java:8413)
       at android.app.ActivityThread.deliverResults(ActivityThread.java:5464)
       at android.app.ActivityThread.handleSendResult(ActivityThread.java:5512)
       at android.app.servertransaction.ActivityResultItem.execute(ActivityResultItem.java:51)
       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:149)
       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:103)
       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2386)
       at android.os.Handler.dispatchMessage(Handler.java:107)
       at android.os.Looper.loop(Looper.java:213)
       at android.app.ActivityThread.main(ActivityThread.java:8178)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:513)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1101)```

[kvntzn]

any updates on this ? experiencing this only on production app

[sagupta1001]

+1 seeing this in our React native project as well.
Using react-native-app-auth 6.2.0 and react-native 0.64.1.

[bberak]

I've also been experiencing this error. The strange thing is - I'm explicitly passing skipCodeExchange as true. As I'm not a Java developer - this has me scratching my head a bit..

I don't see how this line 419 can be throwing an error considering this method invocation from the RN side:

export const authorize = ({
  issuer,
  redirectUrl,
  clientId,
  clientSecret,
  scopes,
  useNonce = true,
  usePKCE = true,
  additionalParameters,
  serviceConfiguration,
  clientAuthMethod = 'basic',
  dangerouslyAllowInsecureHttpRequests = false,
  customHeaders,
  additionalHeaders,
  skipCodeExchange = false,
}) => {
  validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
  validateClientId(clientId);
  validateRedirectUrl(redirectUrl);
  validateHeaders(customHeaders);
  validateAdditionalHeaders(additionalHeaders);
  // TODO: validateAdditionalParameters

  const nativeMethodArguments = [
    issuer,
    redirectUrl,
    clientId,
    clientSecret,
    scopes,
    additionalParameters,
    serviceConfiguration,
    skipCodeExchange,
  ];

  if (Platform.OS === 'android') {
    nativeMethodArguments.push(useNonce);
    nativeMethodArguments.push(usePKCE);
    nativeMethodArguments.push(clientAuthMethod);
    nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
    nativeMethodArguments.push(customHeaders);
  }

  if (Platform.OS === 'ios') {
    nativeMethodArguments.push(additionalHeaders);
    nativeMethodArguments.push(useNonce);
    nativeMethodArguments.push(usePKCE);
  }

  return RNAppAuth.authorize(...nativeMethodArguments);
};

And this method definition on the native side:

@ReactMethod
    public void authorize(
            String issuer,
            final String redirectUrl,
            final String clientId,
            final String clientSecret,
            final ReadableArray scopes,
            final ReadableMap additionalParameters,
            final ReadableMap serviceConfiguration,
            final Boolean skipCodeExchange,
            final Boolean useNonce,
            final Boolean usePKCE,
            final String clientAuthMethod,
            final boolean dangerouslyAllowInsecureHttpRequests,
            final ReadableMap headers,
            final Promise promise
    ) {
        this.parseHeaderMap(headers);
        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests, this.authorizationRequestHeaders);
        final AppAuthConfiguration appAuthConfiguration = this.createAppAuthConfiguration(builder, dangerouslyAllowInsecureHttpRequests);
        final HashMap<String, String> additionalParametersMap = MapUtil.readableMapToHashMap(additionalParameters);

        // store args in private fields for later use in onActivityResult handler
        this.promise = promise;
        this.dangerouslyAllowInsecureHttpRequests = dangerouslyAllowInsecureHttpRequests;
        this.additionalParametersMap = additionalParametersMap;
        this.clientSecret = clientSecret;
        this.clientAuthMethod = clientAuthMethod;
        this.skipCodeExchange = skipCodeExchange;
        this.useNonce = useNonce;
        this.usePKCE = usePKCE;

On the native side, skipCodeExchange is only ever set in the one location.

... Unless there is more than one instance of RNAppAuthModule on the native side? So when public void onActivityResult(Activity activity, int requestCode, int resultCode, Intent data) is called when the OAuth browser activity completes - the skipCodeExchange field could be null depending on which instance is being called?

I guess this is also what @Mishann is implying above:

Perhaps the system closes the application during authentication, and after a redirect, the object is reinitialized with null parameters. It may be worthwhile to store the config in the repository.

I redid the work with authorization using WebView through my own solution, everything works

@Mishann can you elaborate at all on this? 🙏

[ghost]

Still facing this issue on latest version of react-native-app-auth

"react-native": "0.66.2",
"react-native-app-auth": "6.4.0",

[barrymichaeldoyle]

Has anybody found a work around for this yet?

[DennisOstertag]

Got the same problem on a Xiaomi Mi 8 Lite using Android 10. We are using react-native-app-auth at version 6.4.0.

[asami95]

Did anyone solve this issue?

[nachoperez714]

This is the same issue as #672.
Apparently there's a PR with a fix Nirodha26#1 but it still hasnt been merged into official and included in a release.

It would be great if it was merged into official

[carbonrobot]

Closing and moving discussion to #743 as that captures the issue and links to the upstream repo.

[CrazyStoneJy]

still crash for some android devices