fix(android): recover Universal Login after process death via resumeSession

[subhankarmaiti]

Fixes Android Universal Login silently failing when the OS kills the app process while the user is in the login browser (Chrome Custom Tabs). This is common on low-memory devices and when "Don't keep activities" is enabled — and accounts for a large share of dropped logins.

When the process is killed mid-login, the recovered credentials are delivered to WebAuthProvider.addCallback(...) instead of the original authorize() call, which no longer exists after process death. The SDK never subscribed to that channel, so the credentials were dropped and the user was left logged out.

This PR adds a resumeSession() recovery path that claims those recovered credentials and completes the login:

const credentials = await auth0.webAuth.resumeSession();                                                                 
if (credentials) {                                                                                                               
  await auth0.credentialsManager.saveCredentials(credentials);
} 

Hooks users get this automatically — Auth0Provider calls resumeSession() on init and persists any recovered credentials, so no app changes are required.

On iOS and Web, resumeSession() resolves null (no equivalent process-death failure), keeping the API consistent across platforms.

Note: Requires the native fix in Auth0.Android (persisting DPoP across process death). Apps using react-native-screens must
also set super.onCreate(null) in MainActivity so the activity restores cleanly — documented in the updated FAQ.

References

Fixes #1549
Fixes #1541

Testing

• Added unit tests for the recovery path across Auth0Provider, NativeWebAuthProvider, and NativeBridgeManager.
• Manually verified on Android: login → kill process mid-flow → complete in browser → cold start → user lands logged in.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e09706b1-3695-4b43-807f-189b911ca334

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/android-process-death-login-recovery

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Manuel-Castro-BA]

Lgtm

[Oscar-Riano-BA]

lgtm