Xamarin.Essentials Web Authenticator throws NSErrorException if iOS permission to sign in is declined

[JohnBot2013]

Description

When using Web Authenticator (in my case incorporating IdentityModel.OidcClient and using PKCE) then on iOS when the iOS permission to use the authority for sign in appears and you decline, an NSErrorException is thrown "Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=1" in WebAuthenticator.ios.tvos.cs at line 115

Steps to Reproduce

1. Create a simple Xamarin Forms project and integrate the OidcClient into Web Authenticator using this example https://www.davidbritch.com/2020/04/authentication-from-xamarinforms-app_8.html.
2. Ensure you are using flow as OidcClientOptions.AuthenticationFlow.AuthorizationCode (PKCE) and that the authority you are using is using shared cookies.
3. Attempt to logon but decline the iOS permission to sign in using the authority.

Expected Behavior

WebAuthenticator fails gracefully. For example it returns a null response or an error response.

Actual Behavior

NSErrorException is thrown with the following stacktrace:
at Xamarin.Essentials.WebAuthenticator.PlatformAuthenticateAsync (System.Uri url, System.Uri callbackUrl) [0x003fc] in d:\a\1\s\Xamarin.Essentials\WebAuthenticator\WebAuthenticator.ios.tvos.cs:115
at TestIdentity.Browser.InvokeAsync (IdentityModel.OidcClient.Browser.BrowserOptions options, System.Threading.CancellationToken cancellationToken) [0x00034] in D:\DocComs\TestApps\ExampleDocComsOauth\TestIdentity\TestIdentity\Browser.cs:15
at IdentityModel.OidcClient.AuthorizeClient.AuthorizeAsync (IdentityModel.OidcClient.AuthorizeRequest request, System.Threading.CancellationToken cancellationToken) [0x000e7] in C:\local\identity\model\IdentityModel.OidcClient\src\AuthorizeClient.cs:63
at IdentityModel.OidcClient.OidcClient.LoginAsync (IdentityModel.OidcClient.LoginRequest request, System.Threading.CancellationToken cancellationToken) [0x00111] in C:\local\identity\model\IdentityModel.OidcClient\src\OidcClient.cs:73
at TestIdentity.IdentityViewModel.Login () [0x0004d] in D:\DocComs\TestApps\ExampleDocComsOauth\TestIdentity\TestIdentity\IdentityViewModel.cs:46

Basic Information

Xamarin.Forms V4.5.0.617
Xamarin.Essentials V1.5.3.1
Visual Studio 2019 Prof V16.5.4
iOS 13.4

[jamesmontemagno]

I believe we throw an exception if the user cancels. So, I think this is expected. We just need to make sure it is documented..... @Redth to confirm.

[jamesmontemagno]

Are you try/catching the login?

[JohnBot2013]

Yes, I do catch the exception. There are 2 exceptions we are talking about. If you cancel the browser then you get a task cancelled exception which is fine. However my original report is to do with what happens when the iOS permission popup is cancelled, your login page needs to use shared cookies I believe for that to happen. That throws an NSErrorException (a native iOS exception) caught in the shared Forms project. We are using our own OpenID Connect server and PKCE as recommended for maximum security on devices.

[mattleibow]

I think I know what is going on. The new ASWebAuthenticationSession uses an exception to report a cancellation, which we interpret as an actual error.
And then, any errors or cancellations that we do properly handle, we catch and mark as an error.

I'll set up a PR to correct this.