Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webAuth.authorize function doesn't behave as expected #874

Open
6 tasks done
Noitham opened this issue Mar 4, 2024 · 5 comments
Open
6 tasks done

webAuth.authorize function doesn't behave as expected #874

Noitham opened this issue Mar 4, 2024 · 5 comments
Labels
bug This points to a verified bug in the code

Comments

@Noitham
Copy link

Noitham commented Mar 4, 2024
edited
Loading

Checklist

Description

According to the documentation, if we have a valid session, when using the webAuth.authorize function and not passing in a additionalParameters: { prompt: ... } value, the modal should close right away and the user would automatically be logged in, as the cookie will still be there.

I've tried this behaviour, but it doesn't work as expected, I seem to be prompted every time with the login page, regardless of not passing the prompt: 'login' additionalParameters and having a valid session.

I have verified that we're indeed able to get authenticated if using the prompt: 'none' without displaying the login page, so, this does seem like a bug.

Reproduction

  1. Login via auth0.webAuth.authorize(..., scope, audience, etc...) - _tried both with email, or SMS connections, no difference) - Note, we're not passing additionalParameteres
  2. You'll receive the Credentials response.
  3. Save it, and so on, with credentials manager.
  4. Trigger again the auth0.webAuth.authorize(..., scope, audience, etc...) - You'll be shown the login page again, although a session (hence, cookies) was existing. - Note, we're not passing additionalParameteres

Additional context

No response

react-native-auth0 version

3.1.0

React Native version

0.71.14

Expo version

48.0.21

Platform

Android, iOS

Platform version(s)

macOS: macOS Sonoma 14.3.1; Xcode: 15.2
@Noitham Noitham added the bug This points to a verified bug in the code label Mar 4, 2024
@Noitham
Copy link
Author

Noitham commented Mar 6, 2024

Hello,

Adding a reply here as I've been suggested by the Auth0 Email Support ticket 02340685, ref: ref:!00D370JYbE.!500Ho01MhogC:ref.

I've been asking to clarify whether I was using an ephemeral session or not; that's not the case, ephemeralSession is not passed since we want to achieve SSO, and we don't mind showing the native alert box (needed since using ASWebAuthenticationSession).

@poovamraj
Copy link
Contributor

@Noitham are you using auth0-react on the website side? We have seen similar issues before where the web counterpart was not setup properly. Can you share how you have setup the hooks here without sensitive data?

@Noitham
Copy link
Author

Noitham commented Mar 25, 2024

Hello, @poovamraj, sorry for the late reply.

I've created a reproducible example project:

https://github.com/Noitham/auth0-sso-issue

I've added a Readme with the issue description as well as how to get the project running.
The issue seems to be related to the usage of the sms connection. Seems that in that case, the authorize function doesn't behave as expected in terms of the prompt, since it's always prompting for authentication although having a valid ongoing session.

@Noitham
Copy link
Author

Noitham commented Apr 8, 2024

Hello @poovamraj, is there any update on the issue?

Have you been able to reproduce it with the example?

@david-shiko
Copy link

Probably the same

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This points to a verified bug in the code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@poovamraj @david-shiko @Noitham