Social Media Logins failing (in one specific tennant) even though the Try Connection succeeds

amalyc · June 7, 2022, 3:37pm

I have a Dev Tennant and a Staging Tennant
I have 2 native (Android, IOS) and 1 SPA Web client
I want to do Auth0 Logins, Facebook and Google Social logins
so 3 clients by 3 login types = 9 cases to test

All 9 cases work fine in my DEV tennant (with Auth0 development keys)
Same configurations in my STAGE tennant (except using a custom domain)
All 6 social media login cases fail with a message that does not help me identify why
But Try Connection for my Social Media login configurations WORKS in STAGE

I have been advised to replace the Development keys with the real Google/Facebook keys but that is causing some other issues.

But if the Try Connection Works with Dev keys I cant see why this would not work with Dev keys from my clients, as a first step to resolving these issues

I get the same error page from all 3 clients

logs shows “Invalid_Request” ??? but why

{
“date”: “2022-06-07T15:25:39.983Z”,
“type”: “f”,
“description”: “You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.”,**
“connection_id”: “”,
“ip”: XX Obscured XX
“user_agent”: “Chrome 102.0.0 / Windows 10.0.0”,
“details”: {
“body”: {},
“qs”: {
“state”: "Fe26.24b90c82ae2a981129a10db8f866946d530cef89faa8df0b9cfcdfe60f381bcf9dpuX9gQ4rBoVngB8GYb82Qg4qlWFqHC0e-VEY9ZkHdM8OnlZYq-iH7LyfTYPJaSv0**fe400b68694dbec4231972333339b852d103db0e83119793523361aafdf77e3cGfp6t4mYoyY_f462-XcqlY2KFq_nNCIYFv5C2duqw70",
“code”: “4/0AX4XfWgGNYd96-NrNnIfiFzqI6fXzLcKjIm8VtSF-2Tt_vg7t4k9f5hhtB4HCnVCBM6eEA”,
“scope”: “email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid”,
“authuser”: “1”,
“prompt”: “consent”
},
“error”: {
“message”: “You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.”,
“oauthError”: “invalid_request”,
“type”: “request-error”
},
“session_id”: “q1L1bzF-bejIKXsNr6Asr12NY2__RQ2y” },
“hostname”: “needuum-stage.us.auth0.com”,
“log_id”: XX Obscured XX
“_id”: XX Obscured XX
“isMobile”: false
}

I am using a variety of SDK’s and Auth0 Libraries within the 3 clients,
too many to list here but the behaviors is common across all

anybody have a similar issue, would appreciate hearing how you resolved it

tyf · June 8, 2022, 12:31am

Hi there @amalyc thanks for the detailed description of the issue you’re seeing!

Is there any chance you are using Classic Universal Login? This is a known limitation if so:

Let us know either way!

amalyc · June 8, 2022, 2:39am

How would I determine that (using classic UL versus new)?
sorry but i haven’t looked at this code and configuration for a long, long time
I am still using com.auth0.android:auth0:1.8.0
and using WebAuthProvider.init( to start the login/register process
I know this has been removed in the 2.* version of the SDK but havent migrated yet
Is that “Classic” or how do i tell, I think I had changed to using New UL a while back

amalyc · June 8, 2022, 8:04pm

I found the setting and no I am NOT using Classic UL I am using New UL
so that is not it

I have setup a facebook App to use proper keys for social login (and Try Copnnection works)
and I am going to test this with my Android client
I expect the same error since using Auth0 Dev keys also works on try connection and then errors from my client

amalyc · June 8, 2022, 8:58pm

Ok, surprisingly after configuring Facebook real keys and changing my callback scheme to Https as required by the facebook App setup, I was able to successfully register through facebook login using Android client and still using the old SDK 1.8.0.

Although using https on Android causes a significant problem where the user is prompted which app to handle the callback with and if they choose Chrome my App is thrown into an inconsistent state, because I need to perform certain steps triggered by the callback in my App.

tyf · June 8, 2022, 10:29pm

Hey @amalyc thanks for following up here!

Good to know this is working for you - I am not entirely sure why the developer keys weren’t working, but we do always recommend updating those in any sort of non-testing environment due to the fact that they can be unreliable in certain scenarios.

Unfortunately, I believe this to be a system behavior for which there isn’t much we can do to address it. We typically recommend using a custom scheme but it sounds like that’s not an option for Facebook. Some more details on this here:

amalyc · June 9, 2022, 2:09am

So i did not change any of the code on my IOS client,
and then tried to login as my newly registered Facebook User (which came from successful registration on the modified scheme code from Android)
and I expected it wouldn’t work (since the Facebook App I setup was of Type Android)
but I was able to log in no problem, through the facebook Authentication from Iphone code built before I did the Facebook App config for a different platform.

This I thought would illustrate a problem for me , in the Auth0 console i can set up 1 app ID and 1 secret for facebook logins, but I am going to have different App ID’s from 3 facebook Apps, 1 for each client (Android, Iphone, SPA). how am I supposed to configure for that?

then i looked into my user repository (was going to wipe the user to test again) and I see two users from Facebook, same name , same email, different suffix on the userid obviously, but why? If I cant be certain that the facebook login is going to connect me to the one and only user that should be in my user list from facebook for that individual, then how can i trust the results? If i did try inadvertently to register the same user twice I would have expected a rejection, I don’t know why facebook would have provided a profile with different userid suffix for the same user (me)

I wish these processes didn’t have so many dimensions to them, if this is “out of the box” I’d hate to see the alternative

amalyc · June 9, 2022, 2:30am

Question for @tyf

If a user exists already (via Social Media Authentication),
and I try to register that same user via Social Media Authentication
does it just log me in instead? as this seems to be what is happening

Also I can register a facebook user (me) from either ios or android client even though the facebook App creation steps made me select a type as part of the configuration and i chose Android.
I will test the same user creation process via SPA now.
I have not seen a repeat of duplicated same facebook user, but of course my test sample is miniscule

amalyc · June 9, 2022, 2:40am

And vice-versa I had intended to Register a new facebook user from my SPA but instead I clicked the facebook button on the log-in screen, and it went right through and created my new facebook user anyway
(I had deleted the user from my previous tests)
and yet when i look at me newly reconstituted user history, i see details from the past few days
so I guess Delete the user does not delete everything about that user
in any case SPA client now seems to work with the “Android” configured facebook App as well

tyf · June 24, 2022, 2:40am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.