iOS refresh/auth loop on Safari

I am referencing this issue specifically.

For us, the same redirect loop seems to be happening without using a specific sdk, as we issue direct API requests of the form:

const options: AxiosRequestConfig = {
      method: 'POST',
      url: `${process.env.AUTH0_ENV}/passwordless/start`,
      headers: { 'content-type': 'application/json' },
      data: payload,

I do not experience this issue myself, and am not certain how to reproduce it. Happy to have an iOS device made available to me by a friend to take a closer look, however what we do have is a Sentry integration that surfaces this error relatively frequently.

We’ve seen it in prod 34 times over the past 30 days. The situation for us is that the user is bounced back and forth between authed and de-authed states, until it causes:

Attempt to use history.replaceState() more than 100 times per 30 seconds

Mobile Safari
Version: 16.5

Version: 16.5

Model: iPhone

I do not currently have source mappings or correlated errors, however, I thought it could be useful to start the discussion based on other adjacent issues of the same type, ie.

I am uncertain where to raise an issue for this specific matter. That said, we are in the process of releasing an updated integration that contains source maps, and can hopefully help us to pinpoint the error and context specifically.

Thank you for your help with this matter.