Open Bug 1794220 Opened 3 years ago Updated 5 months ago

FxaAccountManager needs to better handle failures during finishAuthenticationAsync

Categories

(Firefox for Android :: Accounts and Sync, task)

All
Android
task

People

(Reporter: jonalmeida, Unassigned)

Details

From github: https://github.com/mozilla-mobile/android-components/issues/3712.

During a sign-in flow, fxa web content will display a "Success" UI once it provides the application with an oauth code. The application is then expected to redeem that code, via a call to fxa_complete_oauth_flow.
In the FxaAccountManager, this happens as part of a call to finishAuthenticationAsync.

However, fxa_complete_oauth_flow talks to a service over a network, and so it may fail. Currently we will handle only one type of network error - if we hit a 401. Otherwise, account manager makes this call and pretends that it succeeds. This results in incorrect behaviour in case of failures: the onAuthenticated callback will be called, and we'll transition into an authenticated state without having redeemed our oauth code. Account manager will tell the application that it's authenticated, but in practice we'll be in a bad in-between state.

There are a few actionable things here:

  • make sure we don't proceed into "authenticated" state in case fxa_complete_oauth_flow fails
  • let the application know of this failure, so that it may recover - likely by restarting the authentication flow. Such recovery will result in the user seeing a network error page (in case of a persistent network error), or seeing a sign-in form.

It's also interesting to consider changing fxa to delay displaying the success UI until after the oauth code has been redeemed (e.g. via polling). This will help simplify error handling cases for the applications, since error states can be (entirely?) owned by the fxa web content. However, that's not really an "oauth way", and likely has a broader set of problems than handling edge cases like this on the client. cc @rfk

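The failure mode and the two action items above, as an added Kotlin sketch that is not part of the original report and is not code from android-components. Every type and function name in it (`AuthState`, `AuthObserver`, `AccountManagerModel`, `UnauthorizedException`, `redeem`) is hypothetical, and the way the 401 case is handled is an assumption; `redeem` stands in for the networked fxa_complete_oauth_flow call.

```kotlin
// Hypothetical, simplified model; these are not the real android-components types.
sealed class AuthState {
    object NotAuthenticated : AuthState()
    object Authenticated : AuthState()
    data class Failed(val cause: Throwable) : AuthState()
}

class UnauthorizedException : Exception("401")

interface AuthObserver {
    fun onAuthenticated()
    fun onAuthenticationFailed(cause: Throwable)
}

// `redeem` stands in for the networked fxa_complete_oauth_flow call and may throw.
class AccountManagerModel(
    private val redeem: (code: String, state: String) -> Unit,
    private val observer: AuthObserver
) {
    var state: AuthState = AuthState.NotAuthenticated
        private set

    // Behaviour described in the report: only a 401 is handled (how is assumed
    // here); any other failure is swallowed and success is still reported.
    fun finishAuthenticationAsReported(code: String, oauthState: String) {
        try {
            redeem(code, oauthState)
        } catch (e: UnauthorizedException) {
            return fail(e)
        } catch (e: Exception) {
            // ignored: falls through to the "authenticated" transition below
        }
        state = AuthState.Authenticated
        observer.onAuthenticated()
    }

    // Proposed behaviour: enter Authenticated only after the code was redeemed;
    // every failure is surfaced so the application can restart the flow.
    fun finishAuthenticationChecked(code: String, oauthState: String): Boolean {
        val failure = runCatching { redeem(code, oauthState) }.exceptionOrNull()
        if (failure != null) { fail(failure); return false }
        state = AuthState.Authenticated
        observer.onAuthenticated()
        return true
    }
    private fun fail(cause: Throwable) {
        state = AuthState.Failed(cause)
        observer.onAuthenticationFailed(cause)
    }
}
```

With a `redeem` that throws `java.io.IOException`, the first method ends in `Authenticated` and calls `onAuthenticated`, while the second ends in `Failed` and returns `false`.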

Change performed by the Move to Bugzilla add-on.

Severity: -- → N/A
Type: defect → task