Closed Mike-E-angelo closed 12 months ago
While I appreciated the amount of details you shared, there's sadly nothing at all that we can do on our side: the aspnet-contrib provider is purely a server-side component and cannot control how cookies are handled by the browser.
I'm afraid you'll have to ask Musk and its minions to take a look at this issue π
And FWIW, I personally do own an iPhone, so I made the test using your website: the Twitter "web view" doesnβt even load properly. All I get is a black screen π€£
I'm afraid you'll have to ask Musk and its minions to take a look at this issue π
Fair enough. π I was hoping that there may be an "add the DisableNative
flag to fix this" or some equivalent, but this appears to be wishful thinking. If anything, I am hoping that this will help others who may be running into the same issue. I have been encountering Correlation failed
messages for months but thought they may be due to upgrading from Twitter's Oauth v1. When they persisted after a few weeks, I knew there was something going on here different from that.
All I get is a black screen
Indeed, I have noticed all sorts of problems today myself while trying to figure out what is going on. This occurred several times:
π
Thank you for the bad news. Closing for now.
As a workaround, you could offer a native app to your users, but it's definitely not a cheap option π
Indeed @kevinchalet it would be expensive to both myself in terms of code + managing the different store deployments (+ funny content policies I've heard so much about), and also in terms of application users as they would be paying the store tax I would no doubt pass along to them. π°
FWIW I have created a bit of a solution (read: hack) to address this, where if the Correlation Failed error occurs I basically restart the authentication workflow process instead of throwing/showing an error. The user has to press the Authorize app
button twice, but that's... ok? π€ Better than the alternative.
Describe the bug
I have been tracking down an issue experienced with the Twitter v2 authentication workflow when using the iPhone and the Twitter native iOS application is installed. This appears to be an ugly issue and very complex. I have had several users report this and have had two members in particular work with me over the past several days to isolate what is going on.
It has ended up being so complex that I purchased a LambdaTest Real Device plan so that I can reproduce this for myself (no, I am not a fan of Apple and do not own any of its products π ).
After a day of configuration and wrestling with the device and applications, I believe I have figured out what is going on, and will attempt to explain the issue below.
To start, the iOS Twitter/X native application must be installed on the user's device to see this issue. When the oauth authorize endpoint is requested by a Safari instance, the Twitter/X application appears to be intercepting this request and opening its own instance of Safari in its application process, and is completely separate from the device's Safari. The result is two separate Safari instances:
Steps To reproduce
Authorize App
/signin-twitter
endpoint), but it's now in a different Safari instance than the one that initiated it. The correlation cookie is therefore not there and throws an exception. π₯Expected behaviour
It would be ideal to share the correlation cookie across browser instances (or force Twitter/X to use the initiating browser instance), but I am not sure if this is possible.
Actual behaviour
When initiating the Twitter v2 authentication workflow in a Safari instance and the Twitter iOS application is installed, the Twitter's Safari instance is used to intercept the request, which is a different Safari instance that was used to initiate it. This results in a
Correlation failed
exception as the correlation cookie is on another Safari instance (the one that initiated the workflow).System information
net7.0
Additional context
This is really incredibly complicated and has been reported for weeks, finally tracking it down today. I have done my best to relay this issue but additional questions may remain. I will do my best to clarify any further uncertainty around this issue for you.