- Which SDK this is regarding: : Android SDK
- SDK Version: 2.4.0
- Platform Version: Android 11
I’m part of the development team of a charity that supports people that are facing Cancer. We have an Android app in production, that relies on Auth0 for users to sign in with Social Providers (Google and Facebook), and since a month ago, the Google Sign-In flow has simply stopped working, out of the blue. It has been working perfectly, since March 2021, but now users that had previously logged in with Google, if they log out, can’t log back in, in production. When users attempt to authenticate with Google, they are taken to an empty white page that reads “Not found” (image attached). Nothing was changed on the android app code, or in Auth0 settings or on Google Cloud settings.
I’m using the WebAuthProvider class from the Auth0 Android SDK (version 2.4) in my Android app to authenticate with Google, like this:
WebAuthProvider.login(auth0)
.withConnection(AUTH0_GOOGLE_CONNECTION)
.withScheme("https")
.withScope("openid email profile offline_access")
.withAudience(AUTH0_AUDIENCE)
.start(activity, object : AuthCallback {
override fun onFailure(dialog: Dialog) {
Timber.d("Auth0 Login with Google failed.")
}
override fun onFailure(exception: AuthenticationException) {
Timber.d("Auth0 Login with Google failed. Error: $exception")
}
override fun onSuccess(credentials: Credentials) {
Timber.d("Auth0 Login with Google succeeded!")
}
})
The sign in journey is quite simple. The user taps a Google Sign in button in the Login screen. This invokes the code above and attempts authentication with Google using Auth0’s WebAuthProvider. The Auth0 SDK opens a Webview/Custom Tab where the user is prompted to select a Google account to use to log in. After selecting an account the user is then displayed the blank white screen with the text “not found”, and none of the methods from the callback object passed to the .start() method are invoked. If the user presses the back software button in the device, then the onFailure(dialog: Dialog) callback method is invoked.
I tried to follow the requests and redirects that were happening on the webview and managed to trace this sequence of requests:
Once the user taps the google sign in button, Auth0 SDK tries to open the Authorize URI in the webview, as displayed in the device logs:
2021-10-07 23:47:26.731 D/OAuthManager: Using the following Authorize URI: https://AUTH0_DOMAIN_HIDDEN/authorize?audience=https%3A%2F%2FAUDIENCE_HIDDEN&auth0Client=AUTH0_CLIENT_HIDDEN&scope=openid%20email%20profile%20offline_access&response_type=code&connection=CONNECTION_NAME_HIDDEN&code_challenge_method=S256&redirect_uri=https%3A%2F%2FDOMAIN_HIDDEN%2Fandroid%2FAPP_PACKAGE_ID_HIDDEN%2Fcallback&state=AwpaXTYFdw6dv5csgHtPuR15vU5y-tmREx1DR9hx22I&nonce=atAH5y126mX0gpGmoJZO9YQ7b4d57bKtWiJuSD7bRRE&code_challenge=gzDNw1mA5lgbtBot1-VhO5UoW4ccpEWPOiRcMrgxTdE&client_id=CLIENT_ID_HIDDEN
So first we have a GET request to https://AUTH0_DOMAIN_HIDDEN/authorize, to which we receive a 302 redirect to
https://accounts.google.com/o/oauth2/auth?login_hint=&response_type=code&redirect_uri=REDIRECT_URI, and the google webpage to choose an account is displayed (image attached). Upon selecting an account, there’s a GET request to https://accounts.google.com/signin/oauth/consent, followed by a sequence of GETs and redirects described below:
- https://AUTH0_DOMAIN_HIDDEN/login/callback
- https://AUTH0_DOMAIN_HIDDEN/authorize/resume
- https://AUTH0_DOMAIN_HIDDEN/android/APP_PACKAGE_ID_HIDDEN/callback
After the last GET to /APP_PACKAGE_ID_HIDDEN/callback resource, we receive a 404 Not Found, and display the blank screen in the webview, rather than the App(Auth0 SDK) resuming control and calling the WebAuthProvider callbacks.
It’s interesting to note that checking the Auth0 Logs in Auth0 Dashboard, a Successful Login log is recorded, which makes me think that the authentication on Google side actually worked , and somehow the process is getting lost on Auth0 side.
I can’t wrap my head around how is it possible for it to be working since march and without any line of code change, or settings change, it simply stops working. Please I appreciate any light you can solve on this critical problem.