Auth0 silent auth not working on mobile, works fine elsewhere - javascript

Pretty stuck with this one. I'm using Auth0's SPA-JS SDK and it works perfectly for the most part, but on mobile when I refresh the page it logs me out.
I get the error that says "login required", but no such error when on the desktop. On the desktop, I can refresh the page as much as I want with no issue.
I am not using the dev keys anymore for my social signups, and the issue occurs on email signup as well, so I don't think dev keys are the issue either.
Thanks.

Are you using the mobile browser (eg Chrome / Safari)?
Or a mobile webview?
The latter case will always give you a private browser session where cookies and session storage are both aggressively dropped.
If you're not using the mobile browser then the other scenarios require more work. Logins via some form of the system browser work best.
Also are you using local storage of OAuth 2.0 tokens?
- if so try switching to session storage - could be related to cookies dropped due to a missing user gesture - eg Intelligent Tracking Protection

Related

Cookies disappear from a PWA each time a user restarts their phone

I have a web app that uses a cookie as an access token (to let users stay logged in after refreshing/closing the site/app). It works perfectly on desktop but when I try to use it on my Android phone (installing it via Chrome), for some reason it says that I'm not logged in which means it wasn't able to load the access token.
Why is this happening? Is there a difference between how cookies are handled in the browser and when starting a PWA as a standalone?
Also two little side questions, 1, is there a way to debug a PWA that's added to the homescreen (using some sort of remote debugger) and 2, would it be a security risk to use localStorage for storing the access token instead of a cookie? I realize neither is particularly safe but I read that cookies are slightly better for this sort of thing. localStorage works just fine when starting as a standalone

chrome.history.search – ignore mobile browsing

I'm building a Chrome plugin that tracks users' browsing history, but I'd like to ignore any mobile browsing, keeping only the logs that occurred on a signed-in desktop browser.
I'm also confused about whether the extension code itself runs on signed-in mobile browsers – my event script (using chrome.alarms) occasionally sends browsing logs to a server, and I can see logs being sent even when my laptop is closed, but they usually correspond to when I'm using Chrome on my iPhone.
I can't find any information on either of these issues Chrome's developer portal.
I'm also confused about whether the extension code itself runs on signed-in mobile browsers
Well, for one, mobile Chrome does not support extensions; as such, there is no such risks.
However, an extension published on Chrome Web Store will, by default, replicate itself upon installation to other Chrome profiles that are signed into the same account as part of Chrome Sync. The only way to prevent it is to disable extension sync for the profile, which also makes chrome.storage.sync to stop replicating.
So your "unexpected" logs may come from another desktop Chrome that's signed into the same account - assuming the extension is actually published in CWS.

facebook javascript sdk login not working on iOS / best practices for mobile

I'm trying to allow a user to login to my webapp via facebook login using the javascript SDK. It works on desktop (safari and chrome), however the pop up fails on both safari and chrome on iOS.
The error is straight forward to chrome where the browser and OS are not supported. This issue has a work around described here. It is less clear what the issue is with safari and not seeing the pop up. The login call is called on a button click so I don't believe the browser should block it. I also tried allowing pop ups as suggested here but that solution did not work nor is it a viable long term solution to force users to change that setting.
How do folks use facebook login in production and expect it to work on mobile? Do you need to use the manual fb login? It appears that the javascript SDK doesn't work well with mobile browsers and OS's.
This is common issue among mobile browsers and you will find that it would also be in some android devices.
For precaution it is under best practice to build flow of login manually.
Go here as your link.
So yes, you will need to go with manual integration. But, it will be full-proof integration without doubts.

Cookies in Windows 8 WinJS

How can i enable for the IE10 store the cookies?
Some internet services (Facebook Dialogs for example) pass variables this way which you need to use them in further request, but IE10 dont allow cookies.
What i'm trying to do is login at facebook with "Windows.Security.Authentication.Web.WebAuthenticationBroker", get the token, and then open the feed dialog... when i try to open the feed dialog, i receive an error, because the page have no cookies...
If your question is about WinRT Applications written using JavaScript/HTML/CSS then you don't have the notion of cookies, because this is not IE10 but instead it's the IE10 HTML rendering engine - Trident, and IE10 JS engine - Chakra. You have AppData (Local state, Temp state, Roaming state) in Windows Store Apps which you can use to store any data you want. Here's a guide how to access the Local State.
If the question is really about IE10 then I assure you IE10 supports cookies if the user has cookies enabled.

ASP.NET MVC 4/Web API Single Page App for Mobile Devices ... Needs Authentication

We have developed an ASP.NET MVC 4/Web API single page, mobile website (also using jQuery Mobile) that is intended to be accessed only from mobile devices (e.g., iPads, iPhones, Android tables and phones, etc.), not desktop browsers. This mobile website will be hosted internally, like an intranet site. However, since we’re accessing it from mobile devices, we can’t use Windows authentication. We still need to know which user (and their role) is logging in to the mobile website app.
We tried simply using ASP.NET’s forms authentication and membership provider, but couldn’t get it working exactly the way we wanted. What we need is for the user to be prompted for a user name and password only on the first time they access the site on their mobile device. After they enter a correct user name and password and have been authenticated once, each subsequent time they access the site they should just go right in. They shouldn’t have to re-enter their credentials (i.e., something needs to be saved locally to each device to identify the user after the first time).
This is where we had troubles. Everything worked as expected the first time. That is, the user was prompted to enter a user name and password, and, after doing that, was authenticated and allowed into the site. The problem is every time after the browser was closed on the mobile device, the device and user were not know and the user had to re-enter user name and password.
We tried lots of things too. We tried setting persistent cookies in JavaScript. No good. The cookies weren’t there to be read the second time. We tried manually setting persistent cookies from ASP.NET. No good. We, of course, used FormsAuthentication.SetAuthCookie(model.UserName, true); as part of the form authentication framework. No good. We tried using HTML5 local storage. No good. No matter what we tried, if the user was on a mobile device, they would have to log in every single time. (Note: we’ve tried on an iPad and iPhone running both iOS 5.1 and 6.0, with Safari configure to allow cookies, and we’ve tried on Android 2.3.4.)
Is there some trick to getting a scenario like this working?
Or, do we have to write some sort of custom authentication mechanism? If so, how? And, what?
Or, should we use something like claims-based authentication and WIF?
Or???
Any help is appreciated.
Thanks!
try adding .browser file as discussed here:
http://www.simonantony.net/knowledge-base/articles/browsing-your-site-on-an-iphone-using-chrome-does-not-work/
I know it says chrome, but i've accountered this problem with safari also.

Categories

Resources