Hello, I have an app with Expo and I generated an APK, and I am testing it on a physical device:
Device: Galaxy S9
Android Version: 8.0.0
Expo: ^54.0.30
react-native-auth0: ^5.3.1
The problem I am seeing is that after logging in, there is a completely blank screen, and I have no feedback on why it is totally blank and nothing happens; inspecting the URL, I see that ‘https://{domain}/u/mfa-detect-browser-capabilities?s…’ appears. Searching the internet, there were suggestions that it could be Bot Detection; however, I disabled it completely and I still have the same problem. I also tried with a build on iOS and did not have this problem. I would appreciate any suggestions to determine the problem or how to solve it.
Hi @fhenriquez
Welcome back to the Auth0 Community!
The /u/mfa-detect-browser-capabilities endpoint is an interstitial page which basically runs JavaScript to detect if the browser supports advanced features like WebAuthn (Passkeys) or to set cookies for the “Remember this device” MFA feature.
I believe that the issue might be caused by the outdated browser’s webview engine which is unable to handle the script, throwing a silent rendering error. Because the script crashes, the page never completes its capability check, and the final redirect back to your app (yourapp://... ) never fires.
You can try disabling Passkeys(if you are using any) or force the “Remember this device” option to be disabled by default via Actions. Alternatively, you can try updating to the latest version of Chrome(or any other default browser it might be using) and make sure the Android System WebView is also up to date.
Let me know if that does the trick for you!
Kind Regards,
Nik
Hey @nik.baleca,
Thanks for the detailed breakdown! I’ve tried the approaches you suggested, but I’m still stuck.
To clarify my setup: I wasn’t using Passkeys to begin with, and I actually couldn’t find a specific “Remember this device” toggle in my current settings to disable. Regarding Actions, I see two different areas: one under User > Device and another in the main Actions sidebar. I’m not sure if there’s a specific configuration or trigger (like “Post-Login”) that I needs to be set there to bypass this check.
On the device side, I fully updated the Android System WebView on my Galaxy S9, but the issue persisted. I even tested this on a newer Galaxy S24, and it still won’t complete the redirect.
Since these steps didn’t work, what are my other options for debugging what’s happening? Specifically:
-
Is there a way to force the redirect to skip the /u/mfa-detect-browser-capabilities check entirely?
-
How can I capture logs from that interstitial page to see exactly where the script is failing?
-
Are there specific Auth0 Action scripts you recommend to ensure the flow doesn’t hang on this capability check?
Hi again!
Can you try to use the following action code to see if it is able to redirect properly?
exports.onExecutePostLogin = async (event, api) => {
api.multifactor.enable('{{YOUR_MFA_FACTOR}}', { allowRememberBrowser: false });
}
Kind Regards,
Nik
Hey Nik! Right now, we don’t have MFA set up on our end. If enabling it is a requirement for this specific redirect logic to work, just let me know and I can get one added so we can test it properly.
Thanks.
I see, thanks for the extra info.
Can you try using "none" as your mfa factor inside the action with allowRememberBrowser: false to see if it is able to skip that extra check?
Kind Regards,
Nik
1 Like
Hi Nik, just a quick update—I’ve got this sorted. The issue was specifically down to the Android custom scheme configuration. I’ve now aligned that with your recommendations and the Auth0 docs, and everything is routing correctly. Thanks for the steer!
1 Like