Login broken on iOS 18.1 #895

Open
matejhacin opened this issue Dec 12, 2024 · 8 comments

@matejhacin

I am facing a weird issue where the login seems to stop working after updating to iOS 18.1.

From what I'm seeing, the redirect is never registered, so the auth web browser just keeps loading for a while until it times out and I get an error message "the server stopped responding".

I am using the latest AppAuth version 1.7.6. Is there anything that happened in the latest iOS versions that could break the logic?

This is the function I am using to start the authentication process:
(You can see that I am using an external agent but I also tried without - the result is the same)

func startAuthentication(presentingVC: UIViewController) {
    var additionalParams = [
        "prompt" : AUTH_PROMPT,
        "ui_locales" : Locale.current.languageCode ?? "en"
    ]
    if BuildFlavor.isTimeAndSpace {
        additionalParams["AppId"] = "F159B4FA-B70F-4F4E-9C34-4C9ECF3C7F9A"
    }
    let config = OIDServiceConfiguration(
        authorizationEndpoint: URL(string: Constants.Network.ACTIVE_ENVIRONMENT.authorizationEndpoint!)!,
        tokenEndpoint: URL(string: Constants.Network.ACTIVE_ENVIRONMENT.tokenEndpoint!)!)
    let request = OIDAuthorizationRequest(
        configuration: config,
        clientId: AUTH_CLIENT_ID,
        scopes: AUTH_SCOPES,
        redirectURL: URL(string: AUTH_REDIRECT_URI)!,
        responseType: OIDResponseTypeCode,
        additionalParameters: additionalParams)
    let appDelegate = UIApplication.shared.delegate as! AppDelegate
    let externalAgent = OIDExternalUserAgentASWebAuthenticationSession(with: presentingVC)

    appDelegate.currentAuthorizationFlow = OIDAuthState.authState(byPresenting: request, externalUserAgent: externalAgent) { authState, error in
        if let networkError = error?.extractNetworkError() {
            self.state.accept(
                networkError.code == -3 ? .Cancelled : .Failure(message: error?.localizedDescription ?? NSLocalizedString("Unknown error has occurred, please retry.", comment: ""))
            )
        } else if let authState = authState {
            self.state.accept(.Loading)
            self.saveToken(authState: authState)
            self.loadUserData()
        }
    }
}

And the code for handling the redirect inside AppDelegate:

func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
    if let authorizationFlow = currentAuthorizationFlow, authorizationFlow.resumeExternalUserAgentFlow(with: url) {
        self.currentAuthorizationFlow = nil
        return true
    }
    return false
}

Redirect URI is timeandspace://auth-callback/. The URL scheme is registered in the info.plist URL Types. If I try opening the URI manually in the browser, it gets redirected into my app, so that part should work.

As I said, this worked well for years now up until iOS 18+. Running this on a device with iOS 17 still works.
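
Added example, not part of the original post and not AppAuth code: a small check that compares a received callback URL against the configured redirect URI (`timeandspace://auth-callback/` from the post) and reports which OAuth response parameters are present without exposing their values. The names `CallbackCheck` and `checkCallback` are hypothetical, and the sample callback URLs are constructed.

```swift
import Foundation

/// Outcome of comparing an incoming callback URL with the configured redirect URI.
enum CallbackCheck: Equatable {
    case match(hasCode: Bool, hasState: Bool, oauthError: String?)
    case mismatch(reason: String)
}

/// Exact comparison of scheme, host and path. Only the presence of `code` and
/// `state` is reported, so the authorization code never ends up in a log line.
func checkCallback(_ url: URL, against redirectURI: URL) -> CallbackCheck {
    guard let got = URLComponents(url: url, resolvingAgainstBaseURL: false),
          let want = URLComponents(url: redirectURI, resolvingAgainstBaseURL: false) else {
        return .mismatch(reason: "unparseable URL")
    }
    // Schemes and hosts are case-insensitive; paths are compared exactly.
    if got.scheme?.lowercased() != want.scheme?.lowercased() {
        return .mismatch(reason: "scheme \(got.scheme ?? "nil")")
    }
    if got.host?.lowercased() != want.host?.lowercased() {
        return .mismatch(reason: "host \(got.host ?? "nil")")
    }
    if got.path != want.path {
        return .mismatch(reason: "path '\(got.path)' != '\(want.path)'")
    }
    let items = got.queryItems ?? []
    func value(_ name: String) -> String? { items.first { $0.name == name }?.value }
    return .match(hasCode: value("code") != nil,
                  hasState: value("state") != nil,
                  oauthError: value("error"))
}

// Constructed sample callbacks for the redirect URI quoted in the issue.
let redirect = URL(string: "timeandspace://auth-callback/")!
let samples = [
    "timeandspace://auth-callback/?code=SAMPLE&state=SAMPLE",        // success response
    "timeandspace://auth-callback/?error=access_denied&state=SAMPLE", // error response
    "timeandspace://auth-callback?code=SAMPLE&state=SAMPLE",         // trailing slash dropped
    "timeandspace://other-host/?code=SAMPLE",                        // wrong host
]
for s in samples {
    print(s, "->", checkCallback(URL(string: s)!, against: redirect))
}
```

Logging this result wherever the app receives a callback URL separates "no callback arrived" from "a callback arrived but did not match the registered redirect URI".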

matejhacin added the bug and triage (Issues that need to be triaged) labels on Dec 12, 2024

@mingyokim
Collaborator

Hi there,

I was not able to reproduce your issue on iOS 18.1.1 - I was able to complete the authentication process successfully. I would recommend starting with the Example apps and seeing if there are any issues with your project.

Cheers,
Min Gyo

@brnnmrls
Collaborator

Closing this, but feel free to reopen if the issue persists even with the example apps.

@matejhacin
Author

I actually tried on one of the examples today and managed to recreate the issue. I used the example Example-iOS_Swift-Carthage.

Here is the result when authenticating on iPhone running iOS 17.6.1:

[Image: Screenshot 2024-12-17 at 13 11 17]

And here is the result when running the same build on iOS 18.1.1:

[Image: IMG_5041]

On 17.6.1, the redirect happened almost immediately after I entered the credentials and I could see the auth token. On 18.1.1 it's like the redirect never happens and I get stuck on the loading page until the browser shows an error "website stopped responding".

Some more info:

  • Both are physical devices, not emulators

  • After I successfully entered the credentials on iOS 18.1.1, I stopped seeing the login form until I cleared the Safari cache in settings

  • I had to do some minor modifications to the example code in order to get it to work; I'll note them below

The example code

I couldn't get the initial example to run due to some Carthage errors, so I instead removed the Carthage frameworks and added the dependency over SPM:

[Image: Screenshot 2024-12-17 at 13 41 55]

These are the parameters I've set in AppAuthExampleViewController.swift:

let kIssuer: String = "https://timespace.spica.com/identityserverapi";
let kClientID: String? = "pkce_mobile_client";
let kRedirectURI: String = "timeandspace://auth-callback/";

I also had to do minor modifications to the doAuthWithAutoCodeExchange function because our auth server requires some additional parameters.

let additionalParams = [
    "prompt" : "login",
    "ui_locales" : Locale.current.languageCode ?? "en",
    "AppId" : "F159B4FA-B70F-4F4E-9C34-4C9ECF3C7F9A"
]

// builds authentication request
let request = OIDAuthorizationRequest(configuration: configuration,
                                      clientId: clientID,
                                      scopes: ["openid", "profile", "api", "offline_access"],
                                      redirectURL: redirectURI,
                                      responseType: OIDResponseTypeCode,
                                      additionalParameters: additionalParams)

After this, I ran the code on both devices. If you'd like to try and recreate the issue yourself, I'm also happy to provide the test credentials for this test auth server.

@matejhacin
Author

Sorry @brnnmrls I can't figure out how to reopen this issue myself, I probably don't have the permissions, so I'm tagging you here for you to see it. Thanks!

@brnnmrls
Collaborator

Reopening! Thanks for all the details. I'll take some time this week to take a deeper dive into it and will update this issue when done.

brnnmrls reopened this on Dec 17, 2024

@matejhacin
Author

Great, thanks!

@camden-king

Hi @matejhacin!

I unfortunately am unable to repro your issue.

I have tested using Google (iOS 18.1 and 18.2) and Okta (iOS 18.2) as OAuth providers. I used Example-iOS_Swift-Carthage with Carthage removed and using Swift Package Manager instead. I tested using a physical device (iPhone 13 mini).

Are you able to repro this issue with any other OAuth providers? If not, it is likely an issue with the OAuth provider and not AppAuth.

@matejhacin
Author

Thanks @camden-king and sorry for the late reply.

So far I haven't been able to reproduce this on any other OAuth providers, so I will forward this issue to the OAuth provider and see if they can find an issue on their end.

Thanks a lot for the effort. I'll update this when I get to the bottom of it. I find it interesting that an issue on the OAuth provider's side could've worked on previous versions of iOS but not 18.
