auth0 / react-native-auth0

React Native toolkit for Auth0 API
https://auth0.com
MIT License

webAuth.authorize function doesn't behave as expected #874

Open Noitham opened 7 months ago

Noitham commented 7 months ago

Description

According to the documentation, if we have a valid session, when using the webAuth.authorize function and not passing in an additionalParameters: { prompt: ... } value, the modal should close right away and the user would automatically be logged in, as the cookie will still be there.

I've tried this behaviour, but it doesn't work as expected; I seem to be prompted every time with the login page, despite not passing the prompt: 'login' additionalParameters and having a valid session.

I have verified that we're indeed able to get authenticated if using the prompt: 'none' without displaying the login page, so, this does seem like a bug.

Reproduction

  1. Log in via auth0.webAuth.authorize(..., scope, audience, etc...) (tried with both email and SMS connections, no difference). Note: we're not passing additionalParameters.
  2. You'll receive the Credentials response.
  3. Save it, and so on, with credentials manager.
  4. Trigger auth0.webAuth.authorize(..., scope, audience, etc...) again. You'll be shown the login page again, although a session (hence, cookies) already existed. Note: we're not passing additionalParameters.

Additional context

No response

react-native-auth0 version

3.1.0

React Native version

0.71.14

Expo version

48.0.21

Platform

Android, iOS

Platform version(s)

macOS: macOS Sonoma 14.3.1; Xcode: 15.2

Noitham commented 7 months ago

Hello,

Adding a reply here as suggested in the Auth0 Email Support ticket 02340685, ref: ref:!00D370JYbE.!500Ho01MhogC:ref.

I've been asked to clarify whether I was using an ephemeral session or not; that's not the case, ephemeralSession is not passed since we want to achieve SSO, and we don't mind showing the native alert box (needed since using ASWebAuthenticationSession).

poovamraj commented 7 months ago

@Noitham are you using auth0-react on the website side? We have seen similar issues before where the web counterpart was not set up properly. Can you share how you have set up the hooks here without sensitive data?

Noitham commented 7 months ago

Hello, @poovamraj, sorry for the late reply.

I've created a reproducible example project:

https://github.com/Noitham/auth0-sso-issue

I've added a Readme with the issue description as well as how to get the project running. The issue seems to be related to the usage of the sms connection. It seems that in that case, the authorize function doesn't behave as expected in terms of the prompt, since it's always prompting for authentication despite having a valid ongoing session.

Noitham commented 6 months ago

Hello @poovamraj, is there any update on the issue?

Have you been able to reproduce it with the example?

david-shiko commented 6 months ago

Probably the same

Noitham commented 3 weeks ago

No updates on this issue?