Verify Android OAuth cold-start fix on a real device (#300 follow-up) #388

Open
opened 2026-06-30 12:04:42 +00:00 by james · 0 comments
Owner

Follow-up to #300 (PR #383, merged). The cold-start fix — draining the OAuth deep-link queue at bootstrap when the OS killed the app during the browser handoff — is fully unit-tested (idempotency, single exchange, no double-exchange) but could not be verified headlessly. The client vitest runner is node-env with no RN render or real Activity lifecycle, so the actual cold-relaunch path is unexercised.

What to verify on-device

On a physical Android device (or emulator) running the signed build:

  1. Developer options → enable "Don't keep activities".
  2. Start an OAuth sign-in; when the system browser is foreground, the OS kills the app.
  3. Complete the OAuth flow → the carol://auth/oauth/complete deep link relaunches the app cold.
  4. Expect: the app lands on /chat, signed in (not bounced back to /login).
  5. Also confirm the warm path still works and is not double-exchanged: sign in normally (without "Don't keep activities") and verify a single token exchange.

Notes

  • Relevant code: app/_layout.tsx (Linking.getInitialURL() branch), lib/auth/oauthColdStart.ts, lib/auth/oauthDeepLink.ts (drainOauthDeepLink).
  • Related gotcha: native new URL("carol://…") mis-parses custom schemes — see #298. Watch for any regression in deep-link parsing while testing.
  • Close this once verified, or reopen/expand if the cold path misbehaves.
Follow-up to #300 (PR #383, merged). The cold-start fix — draining the OAuth deep-link queue at bootstrap when the OS killed the app during the browser handoff — is fully unit-tested (idempotency, single exchange, no double-exchange) but **could not be verified headlessly**. The client vitest runner is node-env with no RN render or real Activity lifecycle, so the actual cold-relaunch path is unexercised. ## What to verify on-device On a physical Android device (or emulator) running the signed build: 1. Developer options → enable **"Don't keep activities"**. 2. Start an OAuth sign-in; when the system browser is foreground, the OS kills the app. 3. Complete the OAuth flow → the `carol://auth/oauth/complete` deep link relaunches the app **cold**. 4. **Expect:** the app lands on `/chat`, signed in (not bounced back to `/login`). 5. **Also confirm the warm path still works** and is not double-exchanged: sign in normally (without "Don't keep activities") and verify a single token exchange. ## Notes - Relevant code: `app/_layout.tsx` (`Linking.getInitialURL()` branch), `lib/auth/oauthColdStart.ts`, `lib/auth/oauthDeepLink.ts` (`drainOauthDeepLink`). - Related gotcha: native `new URL("carol://…")` mis-parses custom schemes — see #298. Watch for any regression in deep-link parsing while testing. - Close this once verified, or reopen/expand if the cold path misbehaves.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
james/carol#388
No description provided.