Automatic Login via Mobile Inconsistent Failures

Hello,

I have an app using Auth0 SPA library (for React) and it seems there is something wrong with the automatic login on iPhones (not sure if this occurs with other phones).

When logging in normally the login always works, but when the user presses the automatic login button it only works around 20% but this is still worrisome. When the login fails it sends the user to an Auth0 error login page. Since this is a problem with Auth0 I have no idea how to fix this on my Front/Back End.

Any help is much appreciated!

Hi @TanBeige

What’s the blue button pointing to? A social connection? If so, have you configured the connection to use your own keys, or are you using the built-in (developer) keys?
What’s the tenant and client id?

The blue button is an automatic popup for iOS devices. If you click this, it will automatically input your username/email and password. I would understand if the device input the wrong information and it says they have the wrong credentials, but what it does is send them to an Auth0 error page instead:

It says the redirect uri is mismatched, but I checked and the button they press to login is the right one.

The blue button is an automatic popup for iOS devices. If you click this, it will automatically input your username/email and password. I would understand if the device input the wrong information and it says they have the wrong credentials, but what it does is send them to an Auth0 error page instead:

So that’s iOS’ default password manager, or a different one?
The authentication form presented by Auth0 contains the username and password fields, plus a hidden field that lets Auth0 continue the flow. In a simplified form:

<form method="POST">
  <input type="hidden" name="state"
    value="<some_obscure_string_that_the_Browser_is_supposed_to_leave_untouched>">
  <input class="input" name="username" id="username" placeholder="Email address" type="text" value="" required=""
    autofocus="">
  <input class="input" name="password" id="password" placeholder="Password" type="password" required="">
  <button type="submit" name="action" value="default">Continue</button>
</form>

Now, if the password manager is somehow messing with the hidden input value, it would cause this error. I wouldn’t expect any password manager to do that, as it would break a lot of authentication flows, but I’m mentioning this as it might be worth exploring.

If the above doesn’t help, the next step would be to connect the iOS device to a Mac computer, and use Safari on the Mac to connect to the iOS browser and record a .HAR file, to inspect the HTML received from Auth0 and the POSTed form when the automatic login button is used.
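
The HAR comparison suggested above can be scripted. The following is an added example, not part of the original thread and not Auth0's code: it pairs each served login form with the next POST to the same URL and reports whether the hidden `state` value came back unchanged. The function names, the sample URL and the sample capture are constructed for illustration.

```javascript
// Added example (not from the thread); reads the standard HAR log.entries layout.
// Returns the value of the hidden "state" input in a served login page, or null.
function servedState(html) {
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    if (!/\bname\s*=\s*["']state["']/i.test(tag)) continue;
    const m = tag.match(/\bvalue\s*=\s*(["'])([\s\S]*?)\1/i);
    if (m) return m[2];
  }
  return null;
}
// Returns the "state" field of a form POST, or null when the field is absent.
function postedState(postData) {
  if (!postData) return null;
  const hit = (postData.params || []).find((p) => p.name === 'state');
  return hit ? hit.value : new URLSearchParams(postData.text || '').get('state');
}
// Response bodies in a HAR may be stored base64-encoded.
function bodyText(content) {
  if (!content || !content.text) return '';
  return content.encoding === 'base64'
    ? Buffer.from(content.text, 'base64').toString('utf8') : content.text;
}

// Pairs each served form with the next POST to the same URL (the form has no
// action attribute, so it posts back to the page that served it).
function checkStateRoundTrip(har) {
  const findings = [];
  let served = null;
  for (const { request, response } of har.log.entries) {
    if (request.method === 'POST' && served && request.url === served.url) {
      const posted = postedState(request.postData);
      findings.push({ url: request.url, intact: posted === served.state });
      served = null;
    }
    const state = servedState(bodyText(response.content));
    if (state !== null) served = { url: request.url, state };
  }
  return findings;
}

// Constructed capture: one GET that serves the form, one POST that alters state.
const form = (s) => `<form method="POST"><input type="hidden" name="state" value="${s}"></form>`;
const sampleHar = { log: { entries: [
  { request: { method: 'GET', url: 'https://login.example.test/login' },
    response: { content: { text: form('constructed-state-1') } } },
  { request: { method: 'POST', url: 'https://login.example.test/login',
      postData: { text: 'state=constructed-state-X&username=a%40example.test' } }, response: {} },
] } };
console.log(checkStateRoundTrip(sampleHar));
```

A HAR recorded during login contains the submitted password in the POST body, so treat the file as sensitive.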

I figured out it was a problem with origin domains. Users would refresh the page which would reset the domain origin to the Login page directly, and I only allow it from my website. I’m not sure yet but I think the problem will be fixed once I change the login URL from the one Auth0 gives to my own domain. Thanks for the help!
