Skip to content
Start project
Back

Bug report: Race condition in Flutter SDK `createOAuth2Session` / `client_io.dart

  • 0
  • Flutter
  • Auth
View on Discord
Johann V.
23 May, 2026, 07:03

Hi team,

I've found an intermittent bug in the Flutter SDK (v20.3.0) when using createOAuth2Session on Android.

Symptoms

After createOAuth2Session resolves, an immediate call to _account.get() intermittently throws:

TypeScript
AppwriteException: general_unauthorized_scope, 
User (role: guests) missing scopes (["account"]) (401)

Root cause

In client_io.dart, the webAuth method resolves the Future immediately after:

TypeScript
_cookieJar.saveFromResponse(Uri.parse(_endPoint), cookies);

saveFromResponse is an async write operation that may not have fully persisted the session cookies by the time the caller makes the next API call. This creates a race condition between cookie persistence and subsequent authenticated requests.

Reproduction

  • Android device
  • OAuth2 provider: Google
  • Call createOAuth2Session followed immediately by _account.get()
  • Intermittent in debug mode, less frequent in release mode

Workaround

Retry _account.get() with exponential backoff after a 401 response.

Suggested fix

Ensure saveFromResponse is fully awaited and the cookie jar is flushed before resolving the Future in webAuth.

TL;DR
Intermittent bug in Flutter SDK when using `createOAuth2Session` on Android causing race condition with subsequent API calls due to premature resolution of `saveFromResponse`. Workaround: Retry `_account.get()` with exponential backoff after 401 response. Suggested fix: Await `saveFromResponse` fully before resolving Future in `webAuth`.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more