Auth0 crashes due to swift task continuation misuse

[erichoracek]

Checklist

• [X] The issue can be reproduced in the Auth0.swift sample app (or N/A).
• [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• [X] I have looked into the API documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

We have seen two crashes in the Auth0 SDK with SWIFT TASK CONTINUATION MISUSE.

These crashes occur on the order of 1-20 times per day in our app in production, as reported by Sentry.

Here are the two relevant stack traces:

Crash 1: Auth0WebAuth.swift:175

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Crashed Thread: 0

Application Specific Information:
_Concurrency/CheckedContinuation.swift > Fatal error > SWIFT TASK CONTINUATION MISUSE: start() tried to resume its continuation more than once, throwing The user cancelled the Web Auth operation.!

Thread 0 Crashed:
0   libswiftCore.dylib              0x32e5923fc         _assertionFailure
1   libswift_Concurrency.dylib      0x3522f5a00         CheckedContinuation.resume
2   Redacted                        0x10490d628         [inlined] CheckedContinuation.resume<T>
3   Redacted                        0x10490d628         Auth0WebAuth.start (Auth0WebAuth.swift:306)
4   Redacted                        0x10490b05c         Auth0WebAuth.start (Auth0WebAuth.swift:175)
5   Redacted                        0x10490ffd4         thunk for closure
6   Redacted                        0x10490af78         thunk for closure
7   Redacted                        0x1048fb10c         WebAuthentication.asProvider
8   Redacted                        0x1048fb700         thunk for closure
9   AuthenticationServices          0x4232a2874         __111-[ASWebAuthenticationSession initWithURL:callbackURLScheme:usingEphemeralSession:jitEnabled:completionHandler:]_block_invoke
10  SafariServices                  0x37d548314         -[SFAuthenticationSession safariViewControllerDidFinish:]
11  SafariServices                  0x37d617db0         -[SFSafariViewController remoteViewControllerWillDismiss:]
12  SafariServices                  0x37d5ea290         -[SFBrowserRemoteViewController willDismissServiceViewController]
13  CoreFoundation                  0x33bde5790         __invoking___
14  CoreFoundation                  0x33bde5228         -[NSInvocation invoke]
15  libdispatch.dylib               0x34bd9e2fc         _dispatch_client_callout
16  libdispatch.dylib               0x34bda1d44         _dispatch_block_invoke_direct
17  FrontBoardServices              0x36c6de51c         __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__
18  FrontBoardServices              0x36c6de49c         -[FBSMainRunLoopSerialQueue _targetQueue_performNextIfPossible]
19  FrontBoardServices              0x36c6de374         -[FBSMainRunLoopSerialQueue _performNextFromRunLoopSource]
20  CoreFoundation                  0x33bdeb128         __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
21  CoreFoundation                  0x33bdea3a4         __CFRunLoopDoSource0
22  CoreFoundation                  0x33bde8b58         __CFRunLoopDoSources0
23  CoreFoundation                  0x33bde7894         __CFRunLoopRun
24  CoreFoundation                  0x33bde7474         CFRunLoopRunSpecific
25  GraphicsServices                0x3c29194f4         GSEventRunModal
26  UIKitCore                       0x340436628         -[UIApplication _run]
27  UIKitCore                       0x340435c64         UIApplicationMain
28  SwiftUI                         0x34491c4b4         OUTLINED_FUNCTION_31
29  SwiftUI                         0x34491c2f8         OUTLINED_FUNCTION_31
30  SwiftUI                         0x34458ce8c         OUTLINED_FUNCTION_26
31  Redacted                        0x2023a3188         [inlined] AppLauncher.main (Redacted.swift:51)
32  Redacted                        0x2023a3188         [inlined] AppLauncher.$main (<compiler-generated>:41)
33  Redacted                        0x2023a3188         main
34  <unknown>                       0x1d6d92dcc         <redacted>

Crash 2: OAuth2Grant.swift:91

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Crashed Thread: 0

Application Specific Information:
_Concurrency/CheckedContinuation.swift > Fatal error > SWIFT TASK CONTINUATION MISUSE: start() tried to resume its continuation more than once, returning Credentials(accessToken: "<REDACTED>", tokenType: "Bearer", idToken: "<REDACTED>", refreshToken: Optional("<REDACTED>"), expiresIn: 2024-02-05 15:26:47 +0000, scope: Optional("Redacted"), recoveryCode: nil)!

Thread 0 Crashed:
0   libswiftCore.dylib              0x31b92a3fc         _assertionFailure
1   libswift_Concurrency.dylib      0x33f635820         CheckedContinuation.resume
2   Redacted                        0x1071ed650         [inlined] CheckedContinuation.resume<T>
3   Redacted                        0x1071ed650         Auth0WebAuth.start (Auth0WebAuth.swift:306)
4   Redacted                        0x107212cec         PKCE.credentials (OAuth2Grant.swift:91)
5   Redacted                        0x107209448         [inlined] IDTokenValidator.validate (IDTokenValidator.swift:32)
6   Redacted                        0x107209448         IDTokenValidator.validate
7   Redacted                        0x107217b38         thunk for closure
8   libdispatch.dylib               0x3390dc6a4         _dispatch_call_block_and_release
9   libdispatch.dylib               0x3390de2fc         _dispatch_client_callout
10  libdispatch.dylib               0x3390ec994         _dispatch_main_queue_drain
11  libdispatch.dylib               0x3390ec5ac         _dispatch_main_queue_callback_4CF
12  CoreFoundation                  0x329133018         __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__
13  CoreFoundation                  0x32912fd24         __CFRunLoopRun
14  CoreFoundation                  0x32912f474         CFRunLoopRunSpecific
15  GraphicsServices                0x3afc114f4         GSEventRunModal
16  UIKitCore                       0x32d77e628         -[UIApplication _run]
17  UIKitCore                       0x32d77dc64         UIApplicationMain
18  SwiftUI                         0x331c644b4         OUTLINED_FUNCTION_31
19  SwiftUI                         0x331c642f8         OUTLINED_FUNCTION_31
20  SwiftUI                         0x3318d4e8c         OUTLINED_FUNCTION_26
21  Redacted                        0x204cdb188         [inlined] AppLauncher.main (Redacted.swift:51)
22  Redacted                        0x204cdb188         [inlined] AppLauncher.$main (<compiler-generated>:41)
23  Redacted                        0x204cdb188         main
24  <unknown>                       0x1c40f2dcc         <redacted>

Reproduction

These crashes are not easily reproducible, we have only discovered them via production crash logs.

Additional context

No response

Auth0.swift version

2.5.0

Platform

iOS, iPadOS

Platform version(s)

iOS 16-17

Xcode version

15.1

Package manager

Swift Package Manager

[Widcket]

Hi @erichoracek, thanks for raising this.

Would you happen to have any additional contextual information on this issue? For example, in this instance, it happened when the login button was rapidly tapped twice while the app window was not active yet.

[erichoracek]

Hi @Widcket, we don't have a lot of information since we can't reproduce these crashes, but both of these appear to about 5-10 seconds after a SFBrowserRemoteViewController is dismissed as part of user login.

[Widcket]

Unfortunately, without more information, there's not much we can do. I'm no longer the maintainer of this library, so I cannot dedicate more time to look into this.

[erichoracek]

We are in the same situation—we're unable to reproduce this locally. Since the crash is clear about the cause I'd assume it should be possible to make a fix by storing some state locally and checking it to ensure the continuation is invoked once, even if we don't know the root cause or have a repro case.

[Widcket]

I think I managed to reproduce it:

https://github.com/auth0/Auth0.swift/assets/5055789/b0adccea-8469-416c-8004-15337111748d

If this is is the same crash (please check in your crash reports) then it's due to a race condition because of the two login transactions happening at the same time.

[Widcket]

The above happens when tapping two of the login buttons at the same time (e.g. Google login and email/password login) logging in in one of the browser modals, and then very quickly pressing cancel on the second as soon as the first is dismissed.

As a race condition, it doesn't happen all the time, and is hard to get just right.

[Widcket]

It shouldn't be possible to open two browser modals at the same time, though.