React-native-auth0 login prompt "invalid_request" error for subset of users

Greetings! We’ve implemented the react-native-auth0 library in our managed Expo app following the Auth0 Expo SDK Quickstart.

A subset (~15-20%) of our users are seeing the following error on the login prompt (when our app calls the authorize() method):

Oops!, something went wrong

invalid_request: You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.

Possibly related: https://community.auth0.com/t/oops-something-went-wrong/75386

There are two confirmed scenarios where this is happening:

  1. Most occurrences: As soon as the login prompt is shown (authorize() called)

  2. One occurrence: After valid email passwordless code is entered into the login prompt

We are using the email passwordless authentication connection for our production users with identity first profile and universal login.

Few things we’ve tried to rule out/identify:

  • Users are all on same build of our app and this is effecting both iOS & Android

  • Issue occurs for users on various OS versions including latest iOS (16.4 & 16.5)

  • For scenario 1:

    • Neither User Details → History nor Monitoring → Logs show events for the login attempts
    • Application absent from User Details → Authorized Applications after login attempt
  • For scenario 2:

    • “Success Login” events are shown in the logs
    • Application present in User Details → Authorized Applications
  • Users are not “pressing back, refreshing during login, opening many login dialogs” etc. They are simply launching app and pressing our login button (which calls authorize())

  • We’ve confirmed this is not affecting most users, only a seemingly random subset


Here are some of our implementation details:

Package versions:

"react-native": "0.71.8"
"react-native-auth0": "^2.17.2"
"expo": "~48.0.17"

Expo app.config.ts config plugin settings:

plugins: [
  [
    'react-native-auth0',
    {
      domain: '<our domain>',
      customScheme: 'com.company.auth0',
    },
  ],
  ...
]

Auth0Provider:

<Auth0Provider domain='<our domain>' clientId='<our client id>'>
  <App />
</Auth0Provider>

Login button:

const { authorize, isLoading, user } = useAuth0();

if (isLoading) {
  return <LoadingScreen />;
}

if (user) {
  return <HomeScreen />;
}

// ...

<Button title="Log in" onPress={async () => {
  try {
    await authorize(
      { scope: '<our scopes>', audience: '<our api audience>', connection: 'email' },
      { ephemeralSession: true, customScheme: 'com.company.auth0' }
    );
  } catch (error) {
    // log error
  }
}} />

Application Allowed Callback URLs & Allowed Logout URLs:

com.company.auth0://<our domain>/ios/<ios bundle identifier>/callback, 
com.company.auth0://<our domain>/android/<android package name>/callback

Any help would be greatly appreciated and please let me know if there are any other details I can provide. Thank you!

1 Like