We have a single user which is unable to access the universal login page when using our native iOS app. He has attempted to use different browsers as the default browser, cleared local cookies, etc. How do we debug this issue? This is a user who is a customer and I do not have access to their device.
From the auth0 logs it seems he is hitting this problem:
A user has attempted to access a login page directly. This is not supported unless a “Application Login URI” is set for your application, or a “Tenant Login URI” is set for your tenant. For more information, see: Configure Default Login Routes
However, we’re a native iOS app using the Universal Login page so it doesn’t seem like we should ahve anything to do with either of those URIs…
Is the user initiating login from your application? Or directly in a browser?
We typically see this error when a user has bookmarked the Auth0 login page in their browser, or has saved it in a note or something and is copy/pasting in a browser.
The login should be initiated in your application.
Do you have any other users who are experiencing this? Or other users who are successfully logging in?
This is happening for only one user, all our other users are able to log in just fine. This user is logging in through our app, not directly through the browser. I didn’t ask about bookmarks, I can ask about that.
We tested change the code to “useEphemeralSession” and it allowed this user to login. However I’m not sure exactly what the behavior change is with that setting so don’t know if we want to keep it set that way. Thoughts?
Thanks for the link. While I understand the words, I don’t understand the User Experience impact of not using the shared cookie jar. It seems at this point that our users have to log in all the time and no credentials are stored, or they’re expiring within hours and not refreshing, whereas prior to using ephemeral sessions that was not the case.
I think we’re going to investigate adding a mode where if a user requires using an ephemeral session to make the application work they can enable it and suffer the unfortunate consequences.
Any other thoughts on debugging this further or investigation lines that we should pursue?
Issues where a single user/device is impacted are notoriously difficult to debug. Is there any way to get a screen capture of the whole flow? You can DM it to me.