Rules not running in Passwordless flow

kacperCz · February 11, 2020, 12:42pm

We want to switch from WebAuth passwordless to native Passwordless thanks to recent addition in iOS SDK (v1.20). But during the login process the rules are not fired.

The flow in the app is the following:

User creates an unverified account
In Profile settings in app user taps “verify” which opens passwordless flow
ID token is enriched with some additional parameters (including the userId from parameters) using Rules
The enriched ID token is sent back to the app, which unlocks functionalities that require a user’s e-mail.

The configuration described below is an exact copy of the config passed to WebAuth (parameters, clientID, scope, audience…)

Our invocation code:

static func startPasswordless(userId: String?, deviceToken: String? = nil,
                              email: String, completion: @escaping EmptyRequestResultBlock) {

    let optionalParameters: [String: String?] = [
        "prompt": "login",
        "platform": "ios",
        "locale": Locale.current.languageCode,
        "countryCode": Locale.current.regionCode,
        "deviceToken": deviceToken,
        "userId": userId
    ]

    let unwrappedParameters: [String: String] = optionalParameters.compactMapValues { $0 }

    Auth0
        .authentication(clientId: Auth0Configuration.shared.clientId, domain: Auth0Configuration.shared.domain)
        .startPasswordless(email: email, type: .Code, connection: ConnectionType.email.rawValue,
                           parameters: unwrappedParameters)
        .start { result in
            DispatchQueue.main.async {
                switch result {
                case .success:
                    completion(.success)
                case .failure(let error):
                    completion(.failure(error))
                }
            }
    }
}

static func sendOTP(_ otp: String, for email: String,
                    completion: @escaping ((RequestResult<Credentials>) -> Void)) {

    let scope: String = [
            "openid",
            "email",
            "profile",
            "read"
        ].joined(separator: " ")

    Auth0
        .authentication(clientId: Auth0Configuration.shared.clientId,
                        domain: Auth0Configuration.shared.domain)
        .login(
            email: email,
            code: otp,
            audience: Auth0Configuration.shared.userInfoEndpoint,
            scope: scope)
        .start {
            switch $0 {
            case .success(let credentials):
                completion(.success(credentials))
            case .failure(let error):
                completion(.failure(error))
            }
    }
}

Chipadeedoodah · February 11, 2020, 5:06pm

We’d love to see (if possible, record) a demo of this behavior, and talk to you more about what’s happening. Can you reach out to me at chip.johnson at auth0 dot com to get a Zoom meeting scheduled?

kacperCz · February 12, 2020, 10:33am

Awesome, sent you an email

konrad.sopala · February 12, 2020, 1:32pm

Perfect! Let other know what was failing here

aniasuchanecka · February 18, 2020, 9:21am

Hi @Chipadeedoodah Do we have any updates on that one?

Chipadeedoodah · February 18, 2020, 7:46pm

I’ll ask @andres.aguiar to weigh in, his team was exploring this as a possible bug in the login code.

aniasuchanecka · February 19, 2020, 12:35pm

Hi @andres.aguiar Could you share some updates?

konrad.sopala · February 19, 2020, 1:31pm

Cześć @aniasuchanecka! I’m gonna ping Andres in our internal chat!

konrad.sopala · February 20, 2020, 8:50am

Andres is still waiting for some answers from the engineering team. He’ll update you as soon as he have news to share!

aniasuchanecka · February 20, 2020, 1:35pm

Thanks a lot @konrad.sopala Me and @kacperCz, we’re really looking forward to it

konrad.sopala · February 20, 2020, 1:53pm

Sure! Will let you know once we have something to share!

andres.aguiar · February 21, 2020, 2:37am

@aniasuchanecka, @kacperCz we tried to reproduce it but were not able to. I’ll follow up with you directly.

BTW, meanwhile, can you try the same flow but without enriching the ID token and see if it works?

Thanks

konrad.sopala · February 21, 2020, 8:46am

Let us know what was the reesult once you have a chance to test it

kacperCz · March 11, 2020, 11:45am

We found the issue - our rule had a line that checked the context.request.query:

function (user, context, callback) {
    if (context.request.query) {
          var valueFromParams = context.request.query.mySuperSecretValue
          ...
    }
}

which contained the parameters in the WebAuth flow, but for native solution the same data appeared in the body property of the context.

Additionally, the parameters were sent in the startPasswordless function of the SDK instead of login . Passing them in login made them available in the context.request.body.

konrad.sopala · March 11, 2020, 12:59pm

Perfect! Glad to hear that! And thanks a lot for sharing with the rest of community!

system · March 26, 2020, 12:59pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.