Authentication is often an afterthought when developing apps. It is a step users will need to complete just once before moving on to the actual features of your product. Hinge’s iOS client was a complicated state machine for a long time. There are a number of paths the user can take and we had zero test cases to ensure we were handling all of them. The mentality was very much, “if it ain’t broke, don’t fix it.”
Our outlook changed when Facebook announced their plans to deprecate v1.0 of the Graph API. We were going to have to update the Facebook SDK and replace many of the classes and methods throughout the app. We took this as an opportunity to revisit the architecture of our authentication process.
Facebook encourages the use of the Singleton Pattern, and this had been abused in our code. Our Facebook object had a massive API, which led to muddled responsibilities and hidden dependencies. It was hard to know where in the authentication process a user was at any given time. Lots of potential steps in the flow were overlooked.