box-ios-sdk
OAuth and 2FA not working
- [+] I have checked that the SDK documentation doesn't solve my issue.
- [+] I have checked that the API documentation doesn't solve my issue.
- [+] I have searched the Box Developer Forums and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference). https://support.box.com/hc/en-us/community/posts/360051279414-OAuth-and-2FA-not-working
- [+] I have searched Issues in this repo and my issue isn't already reported.
Description of the Issue
Authorization flow returns error for accounts with 2FA enabled. The test can be run on a sample app, which accompanies BoxSDK.
Steps to Reproduce
- Create a test app in the Developer Console
- Follow the guide https://github.com/box/box-java-sdk/ and set up client_id, secret and URL scheme in the sample app "OAuth2SampleApp"
- Log in with an account that has 2FA enabled
- See the error shown in the attached screenshot.
Expected Behavior
Authorization flow completed without error
Screenshots

Versions Used
iOS SDK: 4.3.0 iOS: 14.3 Xcode: 12.3
Hi @theli,
Thanks for submitting this Issue! We will take a look and get back to you ASAP!
@PJSimon
Hi @PJSimon,
Could you confirm this is a bug and whether there is a plan to fix it? I consider it moderate to high importance because it prevents the entire segment of users who have 2FA enabled from signing in.
This seems like a quite severe issue and it's still not fixed after a year, weird 🤔 Is there a workaround that people use?
FYI @arjankowski
Hi @robertwijas, sorry for the inconvenience. We'll do our best to fix it later this month.
Hello,
Do you have plans to fix this? No users with 2FA enabled can log in to Box anymore.
The attached project reproduces the problem (I mean, it's just a sample project that shows that I do nothing other than try to create a Box client with OAuth).
It looks like the fix is an incorrect redirect URL on the server-side.
As described by @theli in their support forum issue, instead of redirecting to the REDIRECT_URL, the OAuth session is redirected to https://m.box.com/api/oauth2/authorize?client_id=xxxxxxxxxxxxxxx&redirect_uri=REDIRECT_URI&response_type=code.
Thanks!
Hi @bvirlet ,
The SDK team has already investigated this problem and found its root cause. As the problem is on the backend, we forwarded this issue to the appropriate team with our fix proposal. We are now waiting for a reply.
As soon as they fix this, we will let you know.
Regards, Artur
Thank you Artur. Do you have an ETA on a fix?
Hi @bvirlet, I haven't got any answer about ETA yet. As soon as I get any answer, I will let you know.
This issue has been automatically marked as stale because it has not been updated in the last 30 days. It will be closed if no further activity occurs within the next 7 days. Feel free to reach out or mention Box SDK team member for further help and resources if they are needed.
This issue shouldn’t be closed as it helps track an ongoing issue.
Hi guys,
Is there an update on this?
Thanks!
Any update on this issue? I used the iOS Content SDK.
I just received a message from the backend team who were working on this, that the fix has been deployed to production. I tested it and it looks like it's finally working, so I'm closing this ticket.
We apologize for making you wait so long for the fix. Regards