Access token when obtained from iOS results in 401 unauthorized while from react-admin is ok

Help
, ,
1

I have a nestJS backend, a react-admin front-end and a mobile app written in swift. When I access the backend from the react-admin front end I am able to successfully login and make requests to the backend. However, with the iOS app, I am able to successfully login but am unable to make requests. Requests made result in 401 unauthorized. I have posted this issue on stack overflow as well with screenshots and code snippets.

https://stackoverflow.com/questions/69522011/swift-auth0-access-code-results-in-unauthorized-access-but-nothing-in-auth0-logs

The swift code used is as follows:

let path = "\(baseURL)\(endpoint.rawValue)"
        
guard let url = URL(string: path)
else { preconditionFailure("Bad URL") }
        
var headers: [String:String] = [:]
headers["Content-Type"] = "application/json"
        
// if access token is set then set Authorization headers
if (accessToken != nil) {
    headers["Authorization"] = "Bearer \(accessToken!)"
    print("Bearer \(accessToken!)")
}
        
var request = URLRequest(url: url)
request.httpMethod = "\(method)"
request.allHTTPHeaderFields = headers
        
// check if body exists
if (body != nil) {
    request.httpBody = body!
}

let dataTask = URLSession.shared.dataTask(with: request) {
    (data, response, error) in
    guard error == nil
    else { completion(.failure(.serverError)); return }
            
    do {
        guard let data = data
        else { completion(.failure(.serverError)); return }
                
        guard let object : [[String: AnyObject]] = try JSONSerialization.object(with: data) as? [[String: AnyObject]]
        else {
            print("Unable to convert from data")
            return
        }
        
        guard let json = try? JSONSerialization.data(withJSONObject: object, options: .prettyPrinted)
        else {
            print("Unable to prettify")
            return
        }

        guard let jsonString = String(data: json, encoding: .utf8)
        else {
            print("Unable to convert to string")
            return
        }
                
         print("JSON: \(jsonString)")
                
         completion(Result.success(object))
     } catch {
         completion(Result.failure(.parsingError))
     }
}
dataTask.resume()

baseURL is a string that points to my nestJS backend. endpoint is an enum of endpoints, for example \user

Using Proxyman I am able to confirm that the endpoint is hit with the correct headers. Screenshot below.

Screen Shot 2021-10-11 at 3.12.04 AM
Screen Shot 2021-10-11 at 3.12.04 AM1202×291 32.9 KB

Additionally, using postman I am able to successfully login and also make a get request to protected data. Screenshot below.

Screen Shot 2021-10-11 at 3.28.46 AM
Screen Shot 2021-10-11 at 3.28.46 AM897×641 91.9 KB

I am using Auth0 1.0 for swift (installed via pods). Any pointers to what might be the problem would be greatly appreciated.

2

The problem was that audience was set when requesting access tokens from the react-admin, while I did not include this in the swift login implementation.

Decoding the JWT on jwt.io and the following thread lead to this conclusion.
https://community.auth0.com/t/access-token-too-short-jwt-malformed/9169/11?u=kennethphough

Adding the audience in the following code resulted in the correct jwt being returned and successful access to backend.

Auth0
    .authentication()
    .login(
        usernameOrEmail: self.email,
        password: self.password,
        realm: "Username-Password-Authentication",
        audience: "<YOUR_AUDIENCE>",     // <- This is what I forgot
        scope: "openid profile email"
)
1 Like
3

Perfect! Glad to hear that and thanks for sharing with the rest of community!

4

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.