Welcome and thank you for posting in Auth0 Community!
Can you please ask those users if they are blocking cookies in safari for some reason?
This is how the flow should go:
When an app tells the browser to make an authentication request (/authorize) Auth0 will return a 302 redirection to the login page if the user needs to be authenticated. Along with that 302, Auth0 will return a session cookie (named auth0 and auth0_compat).
This cookie, together with the internal state in the login endpoint URL (e.g. /u/login?state=xxxxx) allows Auth0 to resume the authentication flow.
If the auth0 cookie is not present in the request to /u/login or there is an invalid state, then Auth0 will:
- Redirect the user to the configured application login URI.
- Show an error page (to explain the user that something went wrong).
For a mobile app, redirecting to the web home page doesn’t really make sense, as it will confuse the user when an error happens.
The cookie should be in /authorize, and also present in the /u/login request. A browser should do this automatically, unless it’s blocking cookies for some reason. My guess would be that the users seeing this behavior are trying to login from a browser in their device instead of the app and blocking cookies for some reason.
Do you have any test credentials? If so you can send me a PM with the information and I will try to reproduce this on my end.