I’m running into a significant issue when trying to verify the token that is stored in the “in-memory” web worker when running my app in Safari standalone mode on iOS 13.
Here’s the status of my situation right now. Safari is working on the mobile browser version. I make a request to my API and before that request goes out, the getTokenSilently method is run; the Auth0 SPA SDK recognizes that I’m using refresh tokens and makes a call to the oauth/token endpoint to exchange tokens. I get my new token back, stuff it in the header of my request and then I get my data back. Everything is working fine from that perspective.
However, when I run that same part of the app in standalone mode on the iPhone, I get a “Login Required” error back. I did some debugging and traced through the code in standalone mode and this is the result of my findings. The Auth0 SDK is:
- Recognizing that I’m using refresh tokens
- Redirecting me to the `_getTokenUsingRefreshToken` method
- Attempting to locate the tokens that are stored in the web worker
- Not recognizing that my tokens are stored and then reverting to using the `_getTokenFromIFrame`
I’ve read, I think, all of the documentation there is, including forums on Auth0 and Safari ITP, and haven’t really come to a good consensus on what I should be doing. My Auth0 client config is below:
```js
authClient = new Auth0Client({
  domain: getConfigVar("PWA_AUTH_0_DOMAIN"),
  client_id: getConfigVar("PWA_AUTH_0_CLIENT_ID"),
  audience: getConfigVar("PWA_AUTH_0_AUDIENCE"),
  redirectUri: getRedirectUrl(),
  scope: "offline_access",
  cacheLocation: "memory",
  useRefreshTokens: true
});
```
When running the `getTokenSilently` method I pass in token as an extra scope:

```js
getTokenSilently({ scope: "token" })
```
I’ve tried a few things:
- Using `localstorage` instead of `memory` for storing the tokens
- Added an `offline_access` scope to the Auth0 client initialization to get a refresh token back right away
It’s also interesting to note that as it stands right now, I’ve tested the application out with all major browsers on desktop and mobile phones and also with the standalone mode for Android devices and everything is working as expected. The only trouble I’m running into is in standalone mode for Safari iOS.
Any advice on how to fix this would be greatly appreciated!
Thanks!