Login error on certain devices (using auth0-java-mvc-common)

Hi There,

I’m using https://github.com/auth0/auth0-java-mvc-common, but
I’m having a login error on iPhoneXR (IOS12.1.1).

  • Which SDK does this apply to? (Ex: auth-node)
    auth0-java-mvc-common

  • Which verison of the SDK you are using? (Ex: 1.0)
    1.2.0

  • Which version of the platform are you facing this error on? (Ex: Node 6.4)
    http://jdk.java.net/java-se-ri/11

  • Was this code working before? Have you made any changes in the dashboard recently?
    Some of the IOS versions did not work.
    IOS 12.1.1 does not work.
    IOS 12.4 is fine.

  • Please capture and attach the stacktrace, it helps a lot!
    See attachment(trace.txt)
    trace.txt (12.3 KB)

  • Can you share a minimum reproducible?

  • Please share the code that is causing the error.

public Tokens handle(HttpServletRequest request, HttpServletResponse response) {
		try {
			log.debug("Session:com.auth0.state:" + (String) SessionUtils.get(request, "com.auth0.state")
					+ " - getParam:state=" + request.getParameter("state"));

			return authenticationController.handle(request, response);
		} catch (IdentityVerificationException e) {
			var rp = String.format("Request Parameter :%s", LogUtil.toJson(request.getParameterMap()));
			throw new Auth0TokenException(rp, e, CidErrorCode.EAT00102, HttpStatus.BAD_REQUEST);
		}
	}

Only on IOS12.1.1, “com.auth0.state” in the session is always null.

Session:com.auth0.state:null - getParam:state=UNE4ldefqJ9zCxAfmGy_hi5f3T1g4t2l7KhE6hYS79k

I expect it might be a problem with IOS 12.1.1.

Has anyone else had this happen?

Hey there!

Can you copy paste that context and create a GitHub issue in the repo you provided so we can work on that directly with the repo maintainers? This way we’ll be able to handle that most effectively. Thank you! Make sure to share the link to the issue here with us.

Thanks @konrad.sopala,

I created a GitHub Issue.

Thanks! I’ll ping repo maintainers in a minute!

Hi @konrad.sopala,

I haven’t heard anything from repo maintainers yet, have you heard from them?

Not yet. I’m sure they will address that as soon as they can

The cause of the problem was found.
As expected, it was a problem with IOS 12.0, 12,1 and framework meshing.
I’m using Spring Session for Session management, and SameSite:Lax was set by default.

IOS 12.0, 12 and 1 had a bug that caused the same behavior as “Strict”, ignoring the value of the SameSite setting.

The issue has been closed.

https://github.com/spring-projects/spring-session/blob/2.2.0.RELEASE/spring-session-core/src/main/java/org/springframework/session … /web/http/DefaultCookieSerializer.java#L88

@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setSameSite(null);
return serializer;
}

to not add the SameSite attribute itself, the behavior was as expected.

1 Like

Perfect! Glad to hear that!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.