auth0
iOS SSO between App and Safari when a user has just registered a new Account in the App
Describe the problem
We have a working Android/iOS App which can successfully SSO into the browser using B2C as our IdP. This works for the following scenarios:
- Android:
- Logging into the App (and ticking the Keep Me Signed In checkbox), and then accessing a site from the default browser which uses the same IdP
- Registering a new account in the App (no KMSI checkbox here), and then accessing a site from the default browser which uses the same IdP
- iOS:
- Logging into the App (and ticking the Keep Me Signed In checkbox), and then accessing a site via Safari which uses the same IdP
What doesn't work:
- iOS:
- Registering a new account in the App (no KMSI checkbox here), and then accessing a site from via Safari which uses the same IdP
We have tested this on a real device, as was found in my other issue here, the SSO does not work in the iOS simulator
It becomes a little unclear here how the register scenario actually works in Android, as it must be persisting a cookie even though there is no KMSI checkbox, and based on this theory, therefore iOS should do the same, however it is not. Maybe there are reasons for this I am not aware of?
I would have thought someone might have come across this issue previously, but I couldn't find any references to this being an issue in the past.
Let me know if any further information is needed.
What was the expected behavior?
iOS should also works for SSO to Safari when a user registers a new account in the App, not only when they login to the App and tick the KMSI checkbox
Reproduction
- Register a new account in a Mobile App on iOS which is configured to support SSO through a persistent Cookie
- Once logged in, using Safari, go to a website which uses the same IdP and attempt to login - it should perform SSO, but is instead asking the user to log in
Environment
library version: 2.4.0 RN 0.60.6 ephemeralSession is set to false for both login and registerAccount flows
Hi @chookhen60, thanks for the detailed report. @Widcket will take a look at this
Hi @chookhen60, thanks for raising this. Could you please share a video of the issue?
Hi @Widcket, we are just doing up a video now showing the issue and will get it to you as soon as it's ready
Hi @Widcket apologies for the delay in getting this video to you.
Please see here for a video demonstrating the issue: https://drive.google.com/file/d/1kvA77J87RVNN6FRwxz5hk6s1vOcbXnYQ/view?usp=sharing
As mentioned above, in this video, a new user registers an account in the App (and the App does prompt correctly as we want the session to be able to SSO), and once they are logged in, the user clicks on the 'Wellbeing Platform' link, which should take them to a website which performs SSO and doesn't ask them to login again, but instead they are forced to re-enter their credentials.
Hi @chookhen60, thanks for the video.
I'm unable to reproduce the issue:
https://user-images.githubusercontent.com/5055789/182273483-9140472b-bbef-43fa-838d-28f9c0d6a58d.MP4
- I'm using a custom domain
- The custom domain is set as the Auth0 domain in the native app
- The custom domain is used in the web app as well
- The API I'm using as the audience has the following setting enabled:
Thanks for testing that on your end @Widcket.
We'll have a look at those things on our end to see if we can narrow down what the issue might be, but it does seem to be an issue outside of this library (especially as yours is working as intended)
Seems like your issue is solved @chookhen60, so I'll close this one. Please feel free to ping if you'd prefer to reopen.