Pretty straight forward, multiple users can log in with no issues, including same browser, webview, OS, problem occurs only on iOS and only for 1 user. I was able to replicate the bug, but clearing Safari worked as a fix for me, does not work for the user.
Upon opening the login UIWebView (or WKWebView) it goes straight to “oooops, something went wrong”, giving the invalid_request error with default “you may have pressed back button…” and so on. It does not allow the user to enter any credentials.
I’ve made sure all debug on my end was done and done correctly so this has to be some Auth0 issue.
Here’s the error:
{
"date": "2021-08-12T18:01:54.341Z",
"type": "w",
"description": "A user has attempted to access a login page directly. This is not supported unless a \"Application Login URI\" is set for your application, or a \"Tenant Login URI\" is set for your tenant. For more information, see: https://auth0.com/docs/universal-login/default-login-url",
"connection_id": "",
"ip": "2600:387:f:4410::5",
"user_agent": "Mobile Safari 14.1.1 / iOS 14.6.0",
"hostname": "mytennant.us.auth0.com",
"tracking_id": "1bd666d12031e6b9ea99",
"user_id": "",
"user_name": "",
"log_id": "90020210812180156771246000835416106209081863845401591826",
"_id": "90020210812180156771246000835416106209081863845401591826",
"isMobile": true
}
I followed official Auth0 guidelines for implementing Auth0 in my xamarin.forms app, and, again, everybody else can log in with no issues.
Yes - the user in question is one of my partners in the project, so I was able to poke around on his phone. No plugins, I tried browsing his app history, there are a few that use Auth0 for login so I thought maybe “secure storage” was somehow compromised and leaked outside of the app’s scope in OS, but no, nothing out of ordinary in the logs and telemetry, it basically thinks that his connection is somehow accessing Auth0 tenant with some weird error. I did most if not all debugging, including having him completely reinstall the app, running clearing UIWebView cache and cookies programmatically within the app (both in dev and prod) and all the other shenanigans I could think off. The breakpoint occurs when website with login is loaded on his phone’s webview, then it redirects straight to /authorize endpoint specified in field Application Login URI (we do not offer App login quite yet). I confirmed it by routing that to multiple endpoints on our website and they all popped up in the flow.
Now our web app does not have /authorize endpoint and I don’t think I can incorporate /authorize endpoint in my xamarin.forms app. Again, current setup works as intended on other devices with all possible flows
We are also having this exact issue with some users (both android & ios) in our Expo app
We cannot reproduce it and don’t have access to their phone.
Can we have some support?
When it happened to me, I had to fully clear secure storage in the device with a hotfix targeted update through app store, I hope you can plug that device in and clear secure storage by deployment, however I am not 100% sure if that was what fixed it, I couldn’t oversee user phone behavior, they just emailed me “ok, works now”.
I removed clearing secure storage from my method intercepting failed logins (that’s the only case I was clearing the secure storage).
Hi its a bit old, but i think this can help the community,
One of my college was having this problem, after some tests, clearing the cache of safari, etc…
He told me, he activated the functionality “Lock the cookie” dont know the exact termes.
After removing this functionality, the login page was working fine again.
After many attempts, I was able to solve this problem on iPhone. Go to Settings>Safari and uncheck ‘Block All Cookies’.
Just conjecture, but I believe what is happening here is auth0 first attempts to login with a token, but since cookies are blocked it defaults to trying use the login page directly. By unblocking cookies, the universal login succeeds.