fix(expo): dismiss browser after SSO/OAuth flow to prevent stuck sessions on re-login

[chriscanin]

Summary

Fixes browser remaining open in the background after a successful OAuth/SSO flow on some platforms (reported by community user Erwin). When the browser isn't explicitly dismissed, subsequent sign-in attempts fail silently or the browser appears frozen.

• Wraps openAuthSessionAsync in a try/finally in both useSSO and useOAuth
• Calls WebBrowserModule.dismissBrowser() unconditionally after the auth session completes, regardless of outcome

Symptoms fixed

• After signing out and attempting to sign in again via SSO/OAuth, the browser session from the previous login was not killed, causing the second attempt to fail
• Switching Google accounts caused the SSO page to appear frozen

Test plan

• Sign in with Google OAuth
• Sign out
• Sign in again — should open a fresh browser session without issues
• Attempt to switch Google accounts — browser should not be frozen

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Fixed an issue where the in-app browser could remain open after completing OAuth and SSO sign-ins. The browser is now reliably dismissed once authentication finishes, preventing it from blocking or interfering with subsequent sign-in attempts and improving sign-in flow stability.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Mar 25, 2026 6:07pm

[changeset-bot]

🦋 Changeset detected

Latest commit: f6e817d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@clerk/expo	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8d1b6d6a-f7e2-4b36-843f-cc8ae814a08e

📥 Commits

Reviewing files that changed from the base of the PR and between eff72f5 and f6e817d.

📒 Files selected for processing (1)

• packages/expo/src/hooks/useOAuth.ts

---

📝 Walkthrough

Walkthrough

This change updates the @clerk/expo package so the in-app browser is always dismissed after authentication sessions. The useOAuth and useSSO hooks now wrap their openAuthSessionAsync calls in try/finally blocks and call WebBrowser.dismissBrowser() unconditionally in the finally clause. Authentication result handling remains the same but now occurs after ensuring the browser dismissal.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: dismissing the browser after SSO/OAuth flows to fix stuck sessions on re-login, which directly aligns with the changeset modifications across all three files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/expo/src/hooks/useOAuth.ts`:
- Around line 80-91: The TypeScript error is caused by destructuring url from
authSessionResult which is a discriminated union; update the logic in
useOAuth.ts around the authSessionResult returned by
WebBrowserModule.openAuthSessionAsync (and the variable authSessionResult) to
first check if authSessionResult.type === 'success' (or !== 'success' to
early-return/handle non-success) before accessing authSessionResult.url,
mirroring the pattern used in useSSO.ts; ensure you only read .url inside the
success branch and handle the other variants (cancel, dismiss, etc.) explicitly
so the compiler no longer sees an unsafe property access.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: ab97e8b2-1aa8-4a0d-9186-79f19ac3ab1b

📥 Commits

Reviewing files that changed from the base of the PR and between e00ec97 and eff72f5.

📒 Files selected for processing (3)

• .changeset/fix-sso-browser-dismissal.md
• packages/expo/src/hooks/useOAuth.ts
• packages/expo/src/hooks/useSSO.ts

[chriscanin]

!snapshot

[chriscanin]

@brkalow this PR is possibly having issues discovered in final tests, could be a local environment issue, I am working on it.

I have added a "Do not merge" tag for the moment.