fix: address review comments — add @VisibleForTesting annotations, fix process death docs, rename misleading tests

utkrishtsahu · utkrishtsahu · commit b01245fb3765 · 2026-04-09T17:10:58.000+05:30
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -330,7 +330,7 @@ WebAuthProvider.logout(account)
 When the Activity is destroyed during authentication due to a configuration change (e.g. device rotation, locale change, dark mode toggle), the SDK caches the authentication result internally. Call `WebAuthProvider.registerCallbacks()` once in your `onCreate()` to recover it. This single call handles both recovery scenarios:
 
 - **Configuration change**: delivers any cached result on the next `onResume` to the callback
-- **Process death**: registers `loginCallback` as a listener and auto-removes it when the Activity is destroyed
+- **Process death**: `AuthenticationActivity` restores OAuth state and processes the redirect. Since static state was wiped, the result is cached and delivered to `loginCallback` on the next `onResume` after `registerCallbacks()` is called
 
 ```kotlin
 class LoginActivity : AppCompatActivity() {
diff --git a/V4_MIGRATION_GUIDE.md b/V4_MIGRATION_GUIDE.md
@@ -342,7 +342,7 @@ class LoginActivity : AppCompatActivity() {
 | Scenario | How it's handled |
 |----------|-----------------|
 | **Configuration change** (rotation, locale, dark mode) | The result is delivered directly to the registered callback once the async token exchange completes. If no callback is registered yet, the result is cached and delivered on the next `onResume` |
-| **Process death** (system killed the app while browser was open) | `loginCallback` is registered as a listener and auto-removed when `lifecycleOwner` is destroyed — no manual `addCallback`/`removeCallback` calls needed |
+| **Process death** (system killed the app while browser was open) | `AuthenticationActivity` restores the OAuth state and processes the redirect. Since all static state (including `callbacks`) was wiped, the result is cached in `pendingLoginResult`. When your Activity is recreated and calls `registerCallbacks()`, the cached result is delivered on the next `onResume` |
 
 > **Note:** Both `loginCallback` and `logoutCallback` are required — this ensures results from either flow are never lost during configuration changes or process death.
 
diff --git a/auth0/src/main/java/com/auth0/android/provider/WebAuthProvider.kt b/auth0/src/main/java/com/auth0/android/provider/WebAuthProvider.kt
@@ -38,6 +38,7 @@ public object WebAuthProvider {
     private val callbacks = CopyOnWriteArraySet<Callback<Credentials, AuthenticationException>>()
 
     @JvmStatic
+    @get:VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
     internal var managerInstance: ResumableManager? = null
         private set
 
