Android 11 capacitor-secure-storage-plugin issue

We’re in the process of updating our Angular / Ionic 6 app so it can use Okta authentication and to do this we are using the ionic-appauth library. That library uses the capacitor-secure-storage-plugin to store it’s authentication token on the device.

We’ve come across a problem that only seems to occur on our Android 11 test devices - other versions of Android work as do all versions of iOS.

The problem occurs when the application is fully closed by the user i.e when they swipe-to-close it so it it not running in background.

On all devices apart from the Android 11 ones, the app opens up and the user is authenticated because their token is retrieved from storage. On the Android 11 device an error occurs (“Valid token could not be found”).

In other areas of the app we use the non-secure capacitor storage plugin and anything stored there is retrieved ok on startup of the app. So it looks like it’s simply an issue with Android 11 and the secure storage plugin.

Has anyone come across this or would have any idea if there is any solution - did Android 11 have specific storage settings that other versions do not have? (Android 12 works fine)

We still have this issue. On my Samsung device (Android 11) our Okta authentication fails every time when you close the app fully and reopen it. I’m pretty sure this must be some sort of storage issue - the Okta library is failing to get the token. Has anyone else seen anything similar (storage related) on Android 11 ?

This is a very late answer but looks like no one really answers here anymore…

I had a similar problem that you had with ionic-appauth but in all android versions, after seeing the source code of ionic-appauth I realized they do not handle the refresh token well at app start and run into race conditions.

I just created my own service that calls my identify provider SSO endpoints and I store the token myself.

Thanks @distante do you mean you ended up not using the ionic-appauth library at all, you wrote your own service?

Yes, I wrote my own service. Although I am using Keycloak the process are the same: OpenID Connect & OAuth 2.0 API | Okta Developer