Hi, we’ve switched to Auth0 lately, using the Auth0 SDK for iOS to present the login screen to our customers.
However, we see complaints that the login “is not working”. Most of these cases are related to the customer having enabled the “Block all Cookies” setting in the Safari settings.
Is there a way to also enable the Auth0 login for these customers?
If the customer does not wish to use cookies, in my opinion, we as developers should respect his decision. He even, when enabling this setting, confirmed the big warning that Apple had shown to him. Forcing him to switch this setting is not a good user experience, and Auth0 should have a solution to respect the user’s decision.
In that regard, switching to Auth0 has become a worse customer experience in comparison to our previous solution, where we displayed a login using a username and password field natively.
tyf
January 12, 2024, 11:54pm
2
Hello @cmittendorf welcome to the community!
cmittendorf:
Is there a way to also enable the Auth0 login for these customers?
If the customer does not wish to use cookies, in my opinion, we as developers should respect his decision. He even, when enabling this setting, confirmed the big warning that Apple had shown to him. Forcing him to switch this setting is not a good user experience, and Auth0 should have a solution to respect the user’s decision.
I think the following response from one of our iOS engineers about sums this up:
opened 11:45PM - 20 Jan 22 UTC
closed 06:23PM - 21 Jan 22 UTC
question
### Describe the problem
Hello,
We had an issue in production where a user… was unable to login and what we found out is that when both in Android and iOS you "block all cookies" for the default browser and then go to use the app's Auth0 Universal Login, the page that loads up is the wrong page. In our case it routes to our home page.
### What was the expected behavior?
We expect Auth0 Login web view to route to the correct callback url.
### Reproduction
The steps to reproduce in android are straightforward, but in iOS it's different:
- Go to Settings > Safari > Block All Cookies.
- Then we use Safari to navigate to our Login page that uses Auth0, so Home page > Login page. We don't need to attempt to login with the browser.
- Then we open up the app and tap login > Auth0 Login web view pops up with our Home Page instead of the Login page.
- At this point the only way to fix it is to disable "Block All Cookies", clear cookies and attempt to login again to bring up the correct login page.
In Android you just need to block all cookies and then attempt to Login with the app to reproduce this issue, no need to attempt to login with the browser.
- Our production app for iOS uses ephemeral sessions and "prompt: login" as login parameter.
- Our production app for Android uses "prompt: login" as login parameter.
So we are wondering:
- Can users authenticate with Auth0 if cookies are blocked?
- Is there a feature built into the SDK that would allow us to check for allowing cookies and pop up messaging to educate the user?
- What should the correct behavior/best practice be in this situation?
### Environment
- **Version of `Auth0.swift` used: 1.38.0**
- **Version of iOS/macOS/tvOS/watchOS: iOS 13+**
- **Version of Xcode: 13.1**
You might also be interested in the Lock.Swift swift library which is the embedded login option.
system
January 26, 2024, 11:55pm
4
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.