Pretty straight forward, multiple users can log in with no issues, including same browser, webview, OS, problem occurs only on iOS and only for 1 user. I was able to replicate the bug, but clearing Safari worked as a fix for me, does not work for the user.
Upon opening the login UIWebView (or WKWebView) it goes straight to “oooops, something went wrong”, giving the invalid_request error with default “you may have pressed back button…” and so on. It does not allow the user to enter any credentials.
I’ve made sure all debug on my end was done and done correctly so this has to be some Auth0 issue.
Here’s the error:
"description": "A user has attempted to access a login page directly. This is not supported unless a \"Application Login URI\" is set for your application, or a \"Tenant Login URI\" is set for your tenant. For more information, see: https://auth0.com/docs/universal-login/default-login-url",
"user_agent": "Mobile Safari 14.1.1 / iOS 14.6.0",
I followed official Auth0 guidelines for implementing Auth0 in my xamarin.forms app, and, again, everybody else can log in with no issues.
Hmm that’s a bit weird. Are you able to verify if that user has some browser plugins or something like that, that may be causing this?
Yes - the user in question is one of my partners in the project, so I was able to poke around on his phone. No plugins, I tried browsing his app history, there are a few that use Auth0 for login so I thought maybe “secure storage” was somehow compromised and leaked outside of the app’s scope in OS, but no, nothing out of ordinary in the logs and telemetry, it basically thinks that his connection is somehow accessing Auth0 tenant with some weird error. I did most if not all debugging, including having him completely reinstall the app, running clearing UIWebView cache and cookies programmatically within the app (both in dev and prod) and all the other shenanigans I could think off. The breakpoint occurs when website with login is loaded on his phone’s webview, then it redirects straight to /authorize endpoint specified in field Application Login URI (we do not offer App login quite yet). I confirmed it by routing that to multiple endpoints on our website and they all popped up in the flow.
Now our web app does not have /authorize endpoint and I don’t think I can incorporate /authorize endpoint in my xamarin.forms app. Again, current setup works as intended on other devices with all possible flows
Having this exact issue with one single user in our React Native app using iOS 14.6.
Does anyone have any idea why this is happening?
We are also having this exact issue with some users (both android & ios) in our Expo app
We cannot reproduce it and don’t have access to their phone.
Can we have some support?
We are also having this exact issue. A single user (iOS) is receiving this error. No other user is having any difficulties.
When it happened to me, I had to fully clear secure storage in the device with a hotfix targeted update through app store, I hope you can plug that device in and clear secure storage by deployment, however I am not 100% sure if that was what fixed it, I couldn’t oversee user phone behavior, they just emailed me “ok, works now”.
I removed clearing secure storage from my method intercepting failed logins (that’s the only case I was clearing the secure storage).