iOS Swift SDK tries to refresh token using `localhost` regardless of configuration only when logging in via SAML SSO

blink · January 25, 2024, 1:19am

Hey folks! Hope everyone is having an excellent week.

We are experiencing a pretty strange bug where it appears as if our iOS application attempts to refresh tokens against localhost, regardless of the way our Auth0 client is configured, and only when the user signs in via a SAML SSO workflow.

This same bug is not present under “normal” Username/Password login, and only occurs on token refresh. This same SAML SSO workflow is operational without issue on all of our other clients, which are primarily JS. Curious if anyone has any idea why this might be happening - relevant snippets and error below -

Error:

The credentials renewal failed. CAUSE: Unable to complete the operation. CAUSE: Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the server." UserInfo={_kCFStreamErrorCodeKey=61, NSUnderlyingError=0x2813b2df0 {Error Domain=kCFErrorDomainCFNetwork Code=-1004 "(null)" UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: lo0, _kCFStreamErrorCodeKey=61, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <FE5FFC3E-454B-4BDA-82A7-58A5095BAD1E>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <FE5FFC3E-454B-4BDA-82A7-58A5095BAD1E>.<1>"
), NSLocalizedDescription=Could not connect to the server., NSErrorFailingURLStringKey=https://localhost/oauth/token, NSErrorFailingURLKey=https://localhost/oauth/token, _kCFStreamErrorDomainKey=1}

public func configure(clientID: String, domain: String) {
        if self.clientId != clientID,
           self.domain != domain {
            self.clientId = clientID
            self.domain = domain
            credentialsManager = CredentialsManager(authentication: Auth0.authentication(clientId: clientId, domain: domain))
        }
    }
    
    public func login() async throws -> [String: String] {
        do {
            let credentials = try await Auth0.webAuth(clientId: clientId, domain: domain)
                .parameters(["prompt": "login"])
                .scope("openid profile offline_access")
                .audience("[valid audience]")
                .start()
            
            print("updated credentials: \(credentials)")
            let _ = self.credentialsManager.store(credentials: credentials)
            
            let tenantAndExtension = try await self.getTenantExtension()
            return tenantAndExtension
        } catch {
            throw error
        }
    }

Thanks in advance for your time here! Any and all ideas and feedback would be greatly appreciated.

dan.woda · January 26, 2024, 3:42pm

Hi @blink,

First thing I would check is the domain variable that is being passed. Seeing https://localhost/oauth/token suggests that localhost is being passed as the domain somewhere in the app.

Also, do you have a way of monitoring the network requests? Seeing what happens during the SAML transaction could show exactly where the issue is.

blink · January 30, 2024, 8:58pm

Hey Dan! Thanks for your quick reply!

We can’t find any instances of localhost in our app, we think we’ve ruled that out as a potential source of the value, which is where our confusion stems from as with that eliminated we’re not sure where else it could be coming from.

That said, we’re looking at setting up network monitoring for the app so we can get some details on that request! Thanks for that suggestion!