Android Kotlin - bad name / password AuthenticationFailureException crashes app

Platform: Android
Language: Kotlin
Okta SDK: Custom Login
GitHub Sample code: Okta GitHub Kotlin sample
Scenario: Entering an invalid name / password throws AuthenticationFailureException and crashes app.

I’m attempting to validate and test the custom login SDK for the Android / Kotlin GitHub samples. Happy path works great and I can authenticate and logout. However, if I were to fat finger a name or password, the app crashes and logs the AuthenticationFailureException. I thought that a bad validation error would be trapped / handled by the onError function in the RequestCallback class, but tracing the stack dump, the untrapped error is passed all the way back and crashes the app.

Any advice?

    private fun authenticateUser(username: String, password: String) {
        GlobalScope.launch(Dispatchers.Main) {
            withContext(Dispatchers.IO) {
                authenticationClient.authenticate(
                    username, password.toCharArray(),
                    null, null
                )
            }?.run {
                authClient.signIn(sessionToken, null, object :
                    RequestCallback<Result, AuthorizationException> {
                    override fun onSuccess(result: Result) {
                        signInSuccess()
                    }

                    override fun onError(error: String?, exception: AuthorizationException?) {
                        signInError(error, exception)
                    }
                })
            }
        }
    }

8999-8999/com.okta.sample E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.okta.sample, PID: 8999
    com.okta.authn.sdk.AuthenticationFailureException: Authentication failed
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.translateException(DefaultAuthenticationClient.java:319)
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.doPost(DefaultAuthenticationClient.java:308)
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.authenticate(DefaultAuthenticationClient.java:82)
        at com.okta.authn.sdk.client.AuthenticationClient.authenticate(AuthenticationClient.java:108)
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.authenticate(DefaultAuthenticationClient.java:73)
        at com.okta.sample.MainActivity$authenticateUser$1$1.invokeSuspend(MainActivity.kt:229)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:56)
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:738)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
     Caused by: com.okta.sdk.resource.ResourceException: HTTP 401, Okta E0000004 (Authentication failed), ErrorId oaenDoOQDNoTrG4SOpX7hp6Eg
        at com.okta.sdk.impl.ds.DefaultDataStore.execute(DefaultDataStore.java:461)
        at com.okta.sdk.impl.ds.DefaultDataStore.lambda$save$2$DefaultDataStore(DefaultDataStore.java:317)
        at com.okta.sdk.impl.ds.-$$Lambda$DefaultDataStore$gKSDnks1-IbOCylz54X-TzaK5-s.filter(Unknown Source:8)
        at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:47)
        at com.okta.sdk.impl.ds.DefaultDataStore.save(DefaultDataStore.java:349)
        at com.okta.sdk.impl.ds.DefaultDataStore.create(DefaultDataStore.java:247)
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.doPost(DefaultAuthenticationClient.java:300)
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.authenticate(DefaultAuthenticationClient.java:82) 
        at com.okta.authn.sdk.client.AuthenticationClient.authenticate(AuthenticationClient.java:108) 
        at com.okta.authn.sdk.impl.client.DefaultAuthenticationClient.authenticate(DefaultAuthenticationClient.java:73) 
        at com.okta.sample.MainActivity$authenticateUser$1$1.invokeSuspend(MainActivity.kt:229) 
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) 
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:56) 

Ok, after looking at the handler, it handles AUTHORIZATION errors and not AUTHENTICATION errors. Would be good to trap the AUTHENTICATION error thrown in the withContext and handle similarly to the Authorization errors (see sample working code below).

For other developers' reference, the example comes from this Okta GitHub Kotlin sample.

    private fun authenticateUser(username: String, password: String) {
        GlobalScope.launch(Dispatchers.Main) {
            try {
                // authenticate() is a blocking call that throws on bad credentials;
                // withContext rethrows that exception here, inside the try.
                withContext(Dispatchers.IO) {
                    authenticationClient.authenticate(
                        username, password.toCharArray(),
                        null, null
                    )
                }?.run {
                    // signIn() reports AuthorizationException through the callback's onError.
                    authClient.signIn(sessionToken, null, object :
                        RequestCallback<Result, AuthorizationException> {
                        override fun onSuccess(result: Result) {
                            signInSuccess()
                        }

                        override fun onError(error: String?, exception: AuthorizationException?) {
                            signInError(error, exception)
                        }
                    })
                }
            } catch (e: AuthenticationException) {
                // Primary authentication failed (e.g. AuthenticationFailureException).
                Log.e(tag, "bad authentication", e)
                signInError(e.message, null)
            }
        }
    }
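
An added example, not part of the original posts or of the Okta sample: the same failure path isolated in a suspend function that returns a result type, answers with one generic message, and wipes the password array when the attempt ends. `FakeAuthenticationClient`, `PrimaryAuthResult`, `primaryAuth` and the two exception classes are hypothetical stand-ins named after the types in the stack trace, so the block runs with only kotlinx.coroutines.

```kotlin
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.runBlocking
import kotlinx.coroutines.withContext

// Hypothetical stand-ins for the SDK exception types seen in the stack trace.
open class AuthenticationException(message: String) : Exception(message)
class AuthenticationFailureException(message: String) : AuthenticationException(message)

// Hypothetical blocking client: throws on bad credentials, like the call at MainActivity.kt:229.
class FakeAuthenticationClient {
    fun authenticate(username: String, password: CharArray): String {
        // Constructed sample account, for illustration only.
        if (username != "alice" || !password.contentEquals("correct-horse".toCharArray())) {
            throw AuthenticationFailureException("Authentication failed")
        }
        return "constructed-session-token"
    }
}

sealed class PrimaryAuthResult {
    data class Success(val sessionToken: String) : PrimaryAuthResult()
    data class Rejected(val userMessage: String) : PrimaryAuthResult()
}

// withContext rethrows the block's exception in the caller, so the try must wrap the withContext call.
suspend fun primaryAuth(
    client: FakeAuthenticationClient, username: String, password: CharArray
): PrimaryAuthResult =
    try {
        val token = withContext(Dispatchers.IO) { client.authenticate(username, password) }
        PrimaryAuthResult.Success(token)
    } catch (e: AuthenticationException) {
        // Only the authentication failure type is caught; cancellation and unrelated bugs still propagate.
        // One message for wrong user and wrong password; log the exception, never the credentials.
        PrimaryAuthResult.Rejected("Sign-in failed. Check your username and password.")
    } finally {
        password.fill('\u0000') // wipe the password array once the attempt is over
    }

fun main() = runBlocking {
    val client = FakeAuthenticationClient()
    val typo = "corect-horse".toCharArray() // constructed mistyped password
    println(primaryAuth(client, "alice", typo))
    println("password wiped: " + typo.all { it == '\u0000' })
    println(primaryAuth(client, "alice", "correct-horse".toCharArray()))
}
```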
