Password is destroyed when PowerAuthAuthentication is released by GC #607

hvge · 2024-07-25T12:50:53Z

If PowerAuthAuthentication object is being released by GC, then it also destroys assigned Password object. This is highly unwanted behavior, because the Password object instance might be referenced elsewhere in the application. That may lead to a random authentication failures as we encountered in #606

The text was updated successfully, but these errors were encountered:

hvge · 2024-07-25T13:20:10Z

After a deeper analysis I think that this will be triggered only if application is keeping its own Password object and try to sign two HTTP requests with the same password in a sequence. The second attempt may randomly fail on a mystic exception PowerAuthErrorException: Session is no longer valid.

hvge added bug android labels Jul 25, 2024

hvge self-assigned this Jul 25, 2024

hvge mentioned this issue Jul 25, 2024

Don't destroy Password when PowerAuthAuthentication is GCed #608

Merged

hvge added a commit that referenced this issue Jul 25, 2024

Merge pull request #608 from /issues/607-android-password-destroy

fff34bf

hvge closed this as completed in #608 Jul 25, 2024

hvge mentioned this issue Oct 21, 2024

Investigate PowerAuthPassword usage in commitActivation wultra/react-native-powerauth-mobile-sdk#213

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Password is destroyed when PowerAuthAuthentication is released by GC #607

Password is destroyed when PowerAuthAuthentication is released by GC #607

hvge commented Jul 25, 2024

hvge commented Jul 25, 2024 •

edited

Loading

Password is destroyed when PowerAuthAuthentication is released by GC #607

Password is destroyed when PowerAuthAuthentication is released by GC #607

Comments

hvge commented Jul 25, 2024

hvge commented Jul 25, 2024 • edited Loading

hvge commented Jul 25, 2024 •

edited

Loading