Skip to content

fix(expo): dismiss browser after SSO/OAuth flow to prevent stuck sessions on re-login#8126

Draft
chriscanin wants to merge 1 commit intomainfrom
chris/fix-sso-browser-dismissal
Draft

fix(expo): dismiss browser after SSO/OAuth flow to prevent stuck sessions on re-login#8126
chriscanin wants to merge 1 commit intomainfrom
chris/fix-sso-browser-dismissal

Conversation

@chriscanin
Copy link
Member

@chriscanin chriscanin commented Mar 19, 2026
edited by coderabbitai bot
Loading

Summary

Fixes browser remaining open in the background after a successful OAuth/SSO flow on some platforms (reported by community user Erwin). When the browser isn't explicitly dismissed, subsequent sign-in attempts fail silently or the browser appears frozen.

  • Wraps openAuthSessionAsync in a try/finally in both useSSO and useOAuth
  • Calls WebBrowserModule.dismissBrowser() unconditionally after the auth session completes, regardless of outcome

Symptoms fixed

  • After signing out and attempting to sign in again via SSO/OAuth, the browser session from the previous login was not killed, causing the second attempt to fail
  • Switching Google accounts caused the SSO page to appear frozen

Test plan

  • Sign in with Google OAuth
  • Sign out
  • Sign in again — should open a fresh browser session without issues
  • Attempt to switch Google accounts — browser should not be frozen

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Fixed an issue where the in-app browser could remain open after successful OAuth and SSO authentication, preventing subsequent sign-in attempts from working properly.

@vercel
Copy link

vercel bot commented Mar 19, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Mar 19, 2026 4:41pm

Request Review

@changeset-bot
Copy link

changeset-bot bot commented Mar 19, 2026

🦋 Changeset detected

Latest commit: eff72f5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/expo Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions github-actions bot added the expo label Mar 19, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 19, 2026

📝 Walkthrough

Walkthrough

This pull request introduces a fix for the @clerk/expo package to ensure the in-app browser is properly dismissed after authentication operations complete. The useOAuth and useSSO hooks have been modified to wrap their openAuthSessionAsync calls in try/finally blocks, with dismissBrowser() invoked unconditionally in the finally clause. This guarantees browser dismissal regardless of whether the authentication session succeeds or fails, addressing cases where the browser could remain open in the background following successful authentication and impact subsequent sign-in attempts.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title accurately describes the main change: ensuring the browser is dismissed after SSO/OAuth flows to prevent stuck sessions during re-login.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Mar 19, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/expo/src/hooks/useOAuth.ts`:
- Around line 80-91: The TypeScript error is caused by destructuring url from
authSessionResult which is a discriminated union; update the logic in
useOAuth.ts around the authSessionResult returned by
WebBrowserModule.openAuthSessionAsync (and the variable authSessionResult) to
first check if authSessionResult.type === 'success' (or !== 'success' to
early-return/handle non-success) before accessing authSessionResult.url,
mirroring the pattern used in useSSO.ts; ensure you only read .url inside the
success branch and handle the other variants (cancel, dismiss, etc.) explicitly
so the compiler no longer sees an unsafe property access.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: ab97e8b2-1aa8-4a0d-9186-79f19ac3ab1b

📥 Commits

Reviewing files that changed from the base of the PR and between e00ec97 and eff72f5.

📒 Files selected for processing (3)
  • .changeset/fix-sso-browser-dismissal.md
  • packages/expo/src/hooks/useOAuth.ts
  • packages/expo/src/hooks/useSSO.ts

@chriscanin chriscanin marked this pull request as draft March 19, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

expo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chriscanin