Auth0.swift
Auth0.swift copied to clipboard
auth0
Auth0 crashes due to swift task continuation misuse
Checklist
- [X] The issue can be reproduced in the Auth0.swift sample app (or N/A).
- [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- [X] I have looked into the API documentation and have not found a suitable solution or answer.
- [X] I have searched the issues and have not found a suitable solution or answer.
- [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the Auth0 Code of Conduct.
Description
We have seen two crashes in the Auth0 SDK with SWIFT TASK CONTINUATION MISUSE.
These crashes occur on the order of 1-20 times per day in our app in production, as reported by Sentry.
Here are the two relevant stack traces:
Crash 1: Auth0WebAuth.swift:175
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Crashed Thread: 0
Application Specific Information:
_Concurrency/CheckedContinuation.swift > Fatal error > SWIFT TASK CONTINUATION MISUSE: start() tried to resume its continuation more than once, throwing The user cancelled the Web Auth operation.!
Thread 0 Crashed:
0 libswiftCore.dylib 0x32e5923fc _assertionFailure
1 libswift_Concurrency.dylib 0x3522f5a00 CheckedContinuation.resume
2 Redacted 0x10490d628 [inlined] CheckedContinuation.resume<T>
3 Redacted 0x10490d628 Auth0WebAuth.start (Auth0WebAuth.swift:306)
4 Redacted 0x10490b05c Auth0WebAuth.start (Auth0WebAuth.swift:175)
5 Redacted 0x10490ffd4 thunk for closure
6 Redacted 0x10490af78 thunk for closure
7 Redacted 0x1048fb10c WebAuthentication.asProvider
8 Redacted 0x1048fb700 thunk for closure
9 AuthenticationServices 0x4232a2874 __111-[ASWebAuthenticationSession initWithURL:callbackURLScheme:usingEphemeralSession:jitEnabled:completionHandler:]_block_invoke
10 SafariServices 0x37d548314 -[SFAuthenticationSession safariViewControllerDidFinish:]
11 SafariServices 0x37d617db0 -[SFSafariViewController remoteViewControllerWillDismiss:]
12 SafariServices 0x37d5ea290 -[SFBrowserRemoteViewController willDismissServiceViewController]
13 CoreFoundation 0x33bde5790 __invoking___
14 CoreFoundation 0x33bde5228 -[NSInvocation invoke]
15 libdispatch.dylib 0x34bd9e2fc _dispatch_client_callout
16 libdispatch.dylib 0x34bda1d44 _dispatch_block_invoke_direct
17 FrontBoardServices 0x36c6de51c __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__
18 FrontBoardServices 0x36c6de49c -[FBSMainRunLoopSerialQueue _targetQueue_performNextIfPossible]
19 FrontBoardServices 0x36c6de374 -[FBSMainRunLoopSerialQueue _performNextFromRunLoopSource]
20 CoreFoundation 0x33bdeb128 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
21 CoreFoundation 0x33bdea3a4 __CFRunLoopDoSource0
22 CoreFoundation 0x33bde8b58 __CFRunLoopDoSources0
23 CoreFoundation 0x33bde7894 __CFRunLoopRun
24 CoreFoundation 0x33bde7474 CFRunLoopRunSpecific
25 GraphicsServices 0x3c29194f4 GSEventRunModal
26 UIKitCore 0x340436628 -[UIApplication _run]
27 UIKitCore 0x340435c64 UIApplicationMain
28 SwiftUI 0x34491c4b4 OUTLINED_FUNCTION_31
29 SwiftUI 0x34491c2f8 OUTLINED_FUNCTION_31
30 SwiftUI 0x34458ce8c OUTLINED_FUNCTION_26
31 Redacted 0x2023a3188 [inlined] AppLauncher.main (Redacted.swift:51)
32 Redacted 0x2023a3188 [inlined] AppLauncher.$main (<compiler-generated>:41)
33 Redacted 0x2023a3188 main
34 <unknown> 0x1d6d92dcc <redacted>
Crash 2: OAuth2Grant.swift:91
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Crashed Thread: 0
Application Specific Information:
_Concurrency/CheckedContinuation.swift > Fatal error > SWIFT TASK CONTINUATION MISUSE: start() tried to resume its continuation more than once, returning Credentials(accessToken: "<REDACTED>", tokenType: "Bearer", idToken: "<REDACTED>", refreshToken: Optional("<REDACTED>"), expiresIn: 2024-02-05 15:26:47 +0000, scope: Optional("Redacted"), recoveryCode: nil)!
Thread 0 Crashed:
0 libswiftCore.dylib 0x31b92a3fc _assertionFailure
1 libswift_Concurrency.dylib 0x33f635820 CheckedContinuation.resume
2 Redacted 0x1071ed650 [inlined] CheckedContinuation.resume<T>
3 Redacted 0x1071ed650 Auth0WebAuth.start (Auth0WebAuth.swift:306)
4 Redacted 0x107212cec PKCE.credentials (OAuth2Grant.swift:91)
5 Redacted 0x107209448 [inlined] IDTokenValidator.validate (IDTokenValidator.swift:32)
6 Redacted 0x107209448 IDTokenValidator.validate
7 Redacted 0x107217b38 thunk for closure
8 libdispatch.dylib 0x3390dc6a4 _dispatch_call_block_and_release
9 libdispatch.dylib 0x3390de2fc _dispatch_client_callout
10 libdispatch.dylib 0x3390ec994 _dispatch_main_queue_drain
11 libdispatch.dylib 0x3390ec5ac _dispatch_main_queue_callback_4CF
12 CoreFoundation 0x329133018 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__
13 CoreFoundation 0x32912fd24 __CFRunLoopRun
14 CoreFoundation 0x32912f474 CFRunLoopRunSpecific
15 GraphicsServices 0x3afc114f4 GSEventRunModal
16 UIKitCore 0x32d77e628 -[UIApplication _run]
17 UIKitCore 0x32d77dc64 UIApplicationMain
18 SwiftUI 0x331c644b4 OUTLINED_FUNCTION_31
19 SwiftUI 0x331c642f8 OUTLINED_FUNCTION_31
20 SwiftUI 0x3318d4e8c OUTLINED_FUNCTION_26
21 Redacted 0x204cdb188 [inlined] AppLauncher.main (Redacted.swift:51)
22 Redacted 0x204cdb188 [inlined] AppLauncher.$main (<compiler-generated>:41)
23 Redacted 0x204cdb188 main
24 <unknown> 0x1c40f2dcc <redacted>
Reproduction
These crashes are not easily reproducible, we have only discovered them via production crash logs.
Additional context
No response
Auth0.swift version
2.5.0
Platform
iOS, iPadOS
Platform version(s)
iOS 16-17
Xcode version
15.1
Package manager
Swift Package Manager
Hi @erichoracek, thanks for raising this.
Would you happen to have any additional contextual information on this issue? For example, in this instance, it happened when the login button was rapidly tapped twice while the app window was not active yet.
Hi @Widcket, we don't have a lot of information since we can't reproduce these crashes, but both of these appear to about 5-10 seconds after a SFBrowserRemoteViewController is dismissed as part of user login.
Unfortunately, without more information, there's not much we can do. I'm no longer the maintainer of this library, so I cannot dedicate more time to look into this.
We are in the same situation—we're unable to reproduce this locally. Since the crash is clear about the cause I'd assume it should be possible to make a fix by storing some state locally and checking it to ensure the continuation is invoked once, even if we don't know the root cause or have a repro case.
I think I managed to reproduce it:
https://github.com/auth0/Auth0.swift/assets/5055789/b0adccea-8469-416c-8004-15337111748d
If this is is the same crash (please check in your crash reports) then it's due to a race condition because of the two login transactions happening at the same time.
The above happens when tapping two of the login buttons at the same time (e.g. Google login and email/password login) logging in in one of the browser modals, and then very quickly pressing cancel on the second as soon as the first is dismissed.
As a race condition, it doesn't happen all the time, and is hard to get just right.
It shouldn't be possible to open two browser modals at the same time, though.