Login error on certain devices (using auth0-java-mvc-common)

Hi There,

I’m using auth0/auth0-java-mvc-common, but
I’m having a login error on iPhone XR (iOS 12.1.1).

  • Which SDK does this apply to? (Ex: auth-node)
    auth0-java-mvc-common

  • Which version of the SDK you are using? (Ex: 1.0)
    1.2.0

  • Which version of the platform are you facing this error on? (Ex: Node 6.4)
    Java Platform, Standard Edition 11 Reference Implementations

  • Was this code working before? Have you made any changes in the dashboard recently?
    Some of the iOS versions did not work.
    iOS 12.1.1 does not work.
    iOS 12.4 is fine.

  • Please capture and attach the stacktrace, it helps a lot!
    See attachment(trace.txt)

  • Can you share a minimum reproducible?

  • Please share the code that is causing the error.

public Tokens handle(HttpServletRequest request, HttpServletResponse response) {
    try {
        log.debug("Session:com.auth0.state:" + (String) SessionUtils.get(request, "com.auth0.state")
                + " - getParam:state=" + request.getParameter("state"));

        return authenticationController.handle(request, response);
    } catch (IdentityVerificationException e) {
        var rp = String.format("Request Parameter :%s", LogUtil.toJson(request.getParameterMap()));
        throw new Auth0TokenException(rp, e, CidErrorCode.EAT00102, HttpStatus.BAD_REQUEST);
    }
}

Only on iOS 12.1.1, “com.auth0.state” in the session is always null.

Session:com.auth0.state:null - getParam:state=UNE4ldefqJ9zCxAfmGy_hi5f3T1g4t2l7KhE6hYS79k

I expect it might be a problem with iOS 12.1.1.

Has anyone else had this happen?

Hey there!

Can you copy paste that context and create a GitHub issue in the repo you provided so we can work on that directly with the repo maintainers? This way we’ll be able to handle that most effectively. Thank you! Make sure to share the link to the issue here with us.

Thanks @konrad.sopala,

I created a GitHub Issue.
https://github.com/auth0/auth0-java-mvc-common/issues/63

Thanks! I’ll ping repo maintainers in a minute!

Hi @konrad.sopala,

I haven’t heard anything from repo maintainers yet, have you heard from them?

Not yet. I’m sure they will address that as soon as they can

The cause of the problem was found.
As expected, it was a problem with iOS 12.0, 12.1 and framework meshing.
I’m using Spring Session for Session management, and SameSite:Lax was set by default.

iOS 12.0 and 12.1 had a bug that caused the same behavior as “Strict”, ignoring the value of the SameSite setting.

The issue has been closed.

spring-session/spring-session-core/src/main/java/org/springframework/session at 2.2.0.RELEASE · spring-projects/spring-session · GitHub … /web/http/DefaultCookieSerializer.java#L88

@Bean
public CookieSerializer cookieSerializer() {
    DefaultCookieSerializer serializer = new DefaultCookieSerializer();
    serializer.setSameSite(null);
    return serializer;
}

After configuring it to not add the SameSite attribute itself, the behavior was as expected.

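A narrower variant of the workaround above, as an added example that is not part of the original posts or of either project's code: it keeps Spring Session's default SameSite=Lax on the session cookie and omits the attribute only for the iOS 12.0/12.1 clients named in this thread, so other browsers keep the cross-site protection. The class name, the `isAffected` helper and the User-Agent pattern are assumptions for illustration, and the imports assume the `javax.servlet` API used by Spring Session 2.2.

```java
import java.util.List;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

@Configuration
public class SessionCookieConfig {

    // Assumption: iOS 12.0/12.1 browsers send "CPU iPhone OS 12_1_1 like Mac OS X"
    // (iPad: "CPU OS 12_1 like Mac OS X") in the User-Agent header.
    static final Pattern AFFECTED_IOS =
            Pattern.compile("CPU (?:iPhone )?OS 12_[01](?:_\\d+)? like Mac OS X");

    // Hypothetical helper: true only for the iOS versions reported in this thread.
    static boolean isAffected(String userAgent) {
        return userAgent != null && AFFECTED_IOS.matcher(userAgent).find();
    }

    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer lax = new DefaultCookieSerializer();  // default: SameSite=Lax
        DefaultCookieSerializer bare = new DefaultCookieSerializer();
        bare.setSameSite(null);                                       // writes no SameSite attribute

        return new CookieSerializer() {
            @Override
            public void writeCookieValue(CookieSerializer.CookieValue cookieValue) {
                // Pick the serializer per request, based on the client that will store the cookie.
                String ua = cookieValue.getRequest().getHeader("User-Agent");
                (isAffected(ua) ? bare : lax).writeCookieValue(cookieValue);
            }

            @Override
            public List<String> readCookieValues(HttpServletRequest request) {
                // Reading does not depend on SameSite, so either delegate works.
                return lax.readCookieValues(request);
            }
        };
    }
}
```

The User-Agent header is client-supplied, so a request that spoofs a matching value only removes the SameSite attribute from its own session cookie.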

Perfect! Glad to hear that!
