expo: standalone iOS app, login credentials saved with SecureStorage are not available after version update
Environment
Environment: OS: macOS High Sierra 10.13.6 Node: 10.5.0 Yarn: 1.7.0 npm: 6.1.0 Watchman: 4.9.0 Xcode: Xcode 9.3.1 Build version 9E501 Android Studio: 3.1 AI-173.4907809
Packages: (wanted => installed) expo: ^28.0.0 => 28.0.1 react: 16.3.1 => 16.3.1 react-native: https://github.com/expo/react-native/archive/sdk-28.0.0.tar.gz => 0.55.4
Standalone for iOS and Android
Steps to Reproduce
- Use SecureStorage to store login information, with static key
- Release standalone iOS app through app store
- release app update
- Observe that after updating to latest version of app users are logged out
Expected Behavior
Expect user to remain logged in as secure storage credentials should not be affected by app update.
This is the behavior we see on android with standalone app released through the play store, as well as the behavior seen in local dev and through the expo client.
Actual Behavior
3 separate users report that after updating versions they are logged out. This is our first update release so this is the first opportunity we’ve had to observe this behavior.
Reproducible Demo
Since the issue only affects standalone apps, on iOS, after update, it’s difficult to provide a reproducible demo. If it’s helpful i can try to create a snack. Here is the portion of code we are using to interact with secure storage
import { SecureStore, Constants, } from 'expo'
const releaseChannel = Constants.manifest.releaseChannel || 'development'
const LOGIN_KEY = `login-${releaseChannel}`
const LoginStorage = {
get: async () => {
try {
const result = await SecureStore.getItemAsync(LOGIN_KEY)
return JSON.parse(result)
} catch (err) {
throw new Error(err)
}
},
set: async (loginData) => {
return SecureStore.setItemAsync(LOGIN_KEY, JSON.stringify(loginData))
},
clear: async () => {
return SecureStore.deleteItemAsync(LOGIN_KEY)
},
}
export default LoginStorage
just to reiterate, persisting login works perfectly well during local development, in the expo client, on android, and in iOS normally. After a version update is the only scenario in which it doesn’t work.
here’s a diff of our app.json, we have not changed any of the app metadata besides version and supports tabletFalse
index ff2ce10..3c492a2 100644
--- a/app.json
+++ b/app.json
@@ -6,7 +6,7 @@
"privacy": "unlisted",
"sdkVersion": "28.0.0",
"platforms": ["ios", "android"],
- "version": "1.0.39",
+ "version": "1.0.43",
"orientation": "portrait",
"icon": "./assets/icon.png",
"splash": {
@@ -22,11 +22,12 @@
],
"ios": {
"icon": "./assets/icon-ios.png",
- "bundleIdentifier": "com.cardash.cardash"
+ "bundleIdentifier": "com.cardash.cardash",
+ "supportsTablet": false
},
"android": {
- "package": "com.cardash.cardash",
- "versionCode":39
+ "package": "com.cardash.cardashapp",
+ "versionCode":43
}
}
}
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 1
- Comments: 16 (8 by maintainers)
i will attempt to reproduce this and get back to you
Same issue here:
The problem appears both on Android and iOS.
This is still an issue. When updating the app from appstore our users are logged-out. Did anyone come up with a workaround other than ejecting expo kit?
We ended up migrating users from
expo-secure-storagetoreact-native-keychainin an ExpoKit build and then used bare builds going forward. Unfortunately some users that didn’t install the migration version and were locked out 😕 So we had to build unlock feature in our wallet app: https://twitter.com/lightning_help/status/1151050162611064832I like expo as a tool for getting an MVP out there quickly and I think the devs are doing great work. But for critical things like keychain access I would highly recommend using react-native modules maintained by the community in separate github repos. There the visibility of issues and focus is much better:
have similar issue from time to time on android. after update version can not read items from SecureStore.