Can't SMS Authenticate - Auth0 + Twilio + iOS Native Client.

solocez · February 21, 2018, 11:36pm

I ve bind Auth0 Client to Twilio to Authenticate via SMS (like it’s described in documentation).
Here is my code to authenticate via SMS (iOS native client):

Lock
  .passwordless()
  .withOptions {
    $0.oidcConformant = false
    $0.logLevel = .all
    $0.logHttpRequest = true
    $0.passwordlessMethod = .code
  }
  .withConnections({
    $0.sms(name: "sms")
  })
  .onPasswordless(callback: { (indata) in
    Log.info("ON PASSWORDLESS: \(indata)")
  })
  .onAuth { credentials in
    print("Authenticated!")
    guard let accessToken = credentials.accessToken else { return }
    Log.info("ACCESS TOKEN: \(accessToken)")
  }
  .onSignUp { email, attributes in
    Log.info("NEW USER WITH EMAIL: \(email)!")
  }
  .onError { error in
    Log.info("FAILED WITH ERROR: \(error.localizedDescription)")
  }
  .present(from: self)

As a response i get an error:

INFO | PasswordlessPresenter.swift:79 - Login passwordless 4372896051 with passcode using connection: sms
POST https://solocez.auth0.com/oauth/ro HTTP/1.1
Auth0-Client: eyJuYW1lIjoiTG9jay5zd2lmdCIsInZlcnNpb24iOiIyLjUuMSIsImxpYl92ZXJzaW9uIjoiMS4xMC4wIn0
Content-Type: application/json

{“grant_type”:“password”,“client_id”:“XbwI4jUhfLsHGuptRxo0oleUZ6APPetd”,“connection”:“sms”,“scope”:“openid”,“username”:“+14372896051”,“password”:“632259”}

HTTP/1.1 404
Content-Type: text/plain; charset=utf-8
Content-Length: 9
x-ratelimit-reset: 1519226539
x-auth0-requestid: 75ca685a1da7c7b4c44c
x-ratelimit-limit: 10
x-ratelimit-remaining: 9
Date: Wed, 21 Feb 2018 15:22:18 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Not Found

ERROR | DatabaseAuthenticable.swift:82 - Failed login of user <+14372896051> with error Not Found
ERROR | PasswordlessPresenter.swift:86 - Failed with error couldNotLogin
2018-02-21 10:22:18.189314-0500 Wallet[2189:842833] [Info] [main] [LoginViewController.swift:173] showMainScreen() > FAILED WITH ERROR: The operation couldn’t be completed. (Lock.CredentialAuthError error 4.)

What’s wrong ?
Seems like there is no user created. But what 's than a pattern to SMS Authentication?

ricardo.batista · February 22, 2018, 2:51pm

It seems that you’re trying to use passwordless embedded in the native app. This is using a legacy endpoint and should not be used in new applications. As stated in the [Lock.swift documentation] (Lock.swift: Passwordless):

Passwordless functionality should not
be embedded in native apps until Auth0
libraries can be updated to properly
support it. Until that time,
passwordless authentication can still
be achieved by using universal login
via the web.

You can achieve this by using the universal login, which uses the hosted login page to provide a secure passwordless authentication. From the hosted login page documentation:

Currently, the Hosted Login Page is
the only way to use Passwordless
authentication on Native platforms. So
if your use case is a native iOS or
Android application, for example, and
you intend to implement Passwordless,
you will need to use the Hosted Login
Page.

To request the hosted login page from your iOS app, you can use Auth0.swift with:

Auth0
    .webAuth()
    .audience("https://{YOUR_AUTH0_DOMAIN}/userinfo")
    .start { result in
        switch result {
        case .success(let credentials):
            print("Obtained credentials: \(credentials)")
        case .failure(let error):
            print("Failed with \(error)")
        }
    }

You can find the detailed instructions here:

Passwordless Connections

Auth0 iOS / macOS SDK Quickstarts: Login

ryancrunchi · April 16, 2018, 12:46pm

We are in the same case as @solocez : passwordless SMS + Twilio + iOS Native app.
A complete login/signup design flow is mandatory for our app.

Is there an other solution to use passwordless SMS embedded in native iOS app, avoiding web auth and universal login ?

When do you plan to update Auth0 native libraries for them to be compatible ?

solocez · June 26, 2018, 2:56pm

I’ve tried universal login using call to “Auth0.webAuth() …”.
It does not work as well on iOS.
Does this mean - passwordless login does not work on iOS ?

konrad.sopala · August 16, 2019, 1:31pm

Hey there!

Terribly sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes our bandwidth is just not enough for all the questions that are coming in. Sorry for the inconvenience!

Do you still require further assistance from us?