The iTunes transporter currently errors when processing an application using any of the RC versions (currently 1.0.0-rc4). Currently using carthage to build the framework.

ERROR ITMS-90060: "This bundle is invalid. The value for key CFBundleShortVersionString '1.0.0-rc.4' in the Info.plist file must be a period-separated list of at most three non-negative integers.

Manually (or using plistbuddy) changing the version of the framework's plist to 1.0.0 and rebuilding removes the error. I know this is "RC", but this was found when submitting our builds to TestFlight for internal testing.

At the first login to Facebook the redirect URL contains "fragment" _=_
For example
com.auth0.akswiftauth0test://juliazhelem.eu.auth0.com/ios/com.auth0.AKSwiftAuth0Test/callback?code=pMmrjQQO7EAQGJmt&state=pg76m1ep6TD0RwYzwrlszuh7bpXjwIBmaxW_NWacZCM#_=_

Auth0.swift analyzes this URL and marks it as “not completed” (Auth0.resumeAuth(url, options: options) returns "false")

For the next logins to Facebook the redirect URL does not contain any fragments and everything works fine

Possible solution:
Function SafariSession.resume(...) does not check "fragment", only "query".
So changing let items = components.a0_values to let items = components.a0_queryValues in file https://github.com/auth0/Auth0.swift/blob/master/Auth0/OAuth2Session.swift#L86 might fix the issue

Heyo,

So, when I authenticate as per the example in the README:

Auth0
.authentication()
.login(
emailOrUsername: "[email protected]",
password: "a secret password",
connection: "Username-Password-Authentication"
)
.start { result in
switch result {
case .success(let credentials):
print("access_token: (credentials.accessToken)")
case .failure(let error):
print(error)
}
}

I get a build error that I'm required to send other stuff. Notable these things are:

• multifactorCode
• scope
• parameters

(See attached screenshot.)

It's totally fine if these are, in fact, required.. but seems like the example should reflect that.

SFSafariViewController will no longer share cookies with Safari starting from iOS 11. This makes it hard to sign user out from social identity provider. Alternative approach is to use SFAuthenticationSession for authentication/authorisation. It was discussed in openid/AppAuth-iOS#120 and there's a proposed pull request openid/AppAuth-iOS#129
Is there any ongoing development to support iOS 11?

Running under iOS 11 (and Swift >= 3.2), SafariWebAuth.clearSession ignores the federated flag passed into the function. It does not add the 'federated' parameter to the logoutURL.

I have two problems:

1. Using: github "auth0/Auth0.swift" 1.0.0, pulls an older version of the repository, with the swift 2.3 support, which doesn't work with Swift 3.0. When I try an upload to iTunes Connect I get an error saying the framework does not support my version of Swift. Changing to github "auth0/Auth0.swift" "master" seems to work, which brings me to problem 2.
2. I get the following error message:

In the plist of the project the bundle version is set to 1.0.0-rc.4 which is unsupported:
CFBundleShortVersionString1.0.0-rc.4

Is this a bug or am I suppose to use another string in my Cartfile to install the framework with support for Swift 3?

Are you evaluating to support Xcode 8?

We need to use your framework in one of our projects and since iOS 10 is going to be released tomorrow, we need this ASAP.

Please, let us know what you can do about it.

Thanks.

not able to login today but I could before three days...
I logged it and got this "error":"access_denied","error_description":"secret must be a string or buffer"
Can any one help?

SWIFT 3

Previously, I was able to use a "legacy" call to generate id_token that contained the user's app_metadata like this:

authentication.login(usernameOrEmail: email,
                                  password: password,
                                  connection: "Username-Password-Authentication",
                                  scope: "openid app_metadata offline_access",
                                  parameters: ["device": deviceName])

However, per June 8 update, the Legacy: RO jwt-bearer grant type isn't supported anymore... which means said method call doesn't work.

I've updated to use the new realm login method like this:

authentication.login(usernameOrEmail: email,
                                  password: password,
                                  realm: "Username-Password-Authentication",
                                  scope: "openid app_metadata offline_access")

This correctly generates an id_token, but it no longer includes app_metadata on it.

How can I generate an id_token that includes app_metadata using this new method?

I was able to login with this method

auth0.login(usernameOrEmail: email,
                    password: password,
                    multifactorCode: nil,
                    connection: "connection-name",
                    scope: "openid profile",
                    parameters: [:])

And I noticed /ro is now deprecated, and new method is favored https://github.com/auth0/Auth0.swift/blob/swift-4/Auth0/Authentication.swift#L85

So I switch to use the new one as

 auth0.login(usernameOrEmail: email,
                   password: password,
                   realm: "realm-name",
                   audience: "audience-name",
                   scope: "openid profile")

But this one gives me 401 unauthorized error.

By looking at the doc https://auth0.com/docs/api/authentication#authorization-code, I realized the client_secret is marked as required. So I hardcoded my client_secret, and managed to get it to work.

But this made me wonder if it is an issue to the Auth0Authentication.swift implementation, or did I miss any configurations which could allow me to login without hardcoding the client_secret on iOS side? Thanks.

Can this target IOS 8+ instead of IOS 9+?
or whats the best solution to do if not ?

thanks

This method signature is documented, but isn't available in the API (i'm using auth0 version 1.5.0)

Auth0
   .authentication()
   .login(
       usernameOrEmail: "[email protected]", 
       password: "a secret password", 
       connection: "Username-Password-Authentication"
       )
   .start { result in
       switch result {
       case .success(let credentials):
           print("access_token: \(credentials.accessToken)")
       case .failure(let error):
           print(error)
       }
   }

Hi,

I am trying to refresh token using renew method but it does not work. Returned credentials.idToken is set to nil. Here is my code.

auth0.logging(enabled: LOG_NETWORK_MANAGER_AUTHENTICATION_ENABLED)
.renew(withRefreshToken: refreshToken)
.start {  [ weak self ] result in
	switch result {
		case .success(let credentials):
			if let idToken = credentials.idToken {
				saveAccessToken(idToken)
			}
		case .failure(let error):
			LOG_NETWORK_MANAGER_AUTHENTICATION("Id Token renew failed with error: \(error)")
	}
}

Thanks

In Xcode 9, Swift, I'm getting the error, "No such module 'Auth0.'"

Hi,

we created a new client id, unfortunately I am no more able to login. I get this error:

Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client.

What must I do?

Thanks

As title says

Auth0.authentication().login

goes onto a background thread, I cant see that stated in the docs and I would of thought it was the responsibility of the call to bring it back to the main thread?

Sorry if this is not the case, this is also the case the creating a user.

The delegation endpoint API for refreshing the id_token is missing.

Is this planned? If so, when will this become available?

Cheers!

When doing import Auth0 I get the error "Cannot load underlying module for 'Auth0" I'm on swift 4 xcode 9 and have the latest Auth0 Pod version installed with xcworkspace open.

We need to require a user to confirm their identity to access part of an application.

Re-invoking the web auth: Auth0.webAuth(). ... .start(...) presents the log in view, but gives the option to continue with the same user without re-entering a password with the message, "Last time you logged in with".

There appears to be an option rememberLastLogin to disable this, but it's unclear if that's supported by the Swift SDK.

Can you explain the reason for deprecating the tokenInfo from #70?

Using the Authentication API for login with database connection, I now get the following error on failure:

"Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client."

It once worked, but no longer does. How can I modify this code to work:

Auth0
.authentication()
.login(
usernameOrEmail: "[email protected]",
password: "a secret password",
connection: "Username-Password-Authentication"
)
.start { result in
switch result {
case .success(let credentials):
print("access_token: (credentials.accessToken)")
case .failure(let error):
print(error)
}
}

The current major version of Alamofire is 3.x.

I added the following to my pod file pod "Auth0", '[email protected]' and it fails saying [!] Oh no, an error occurred.

I can install the swift 3.0 pod perfectly fine using pod "Auth0", '1.0.0-rc.4' without the @swift-2.3 suffix.

Note that logging in to retrieve credentials with Auth0 returns: access_token, expires_in, id_token, refresh_token, scope and token_type; however when refreshing the credentials, refresh_token is not returned in the response.

If using the CredentialsManager, after logging in one would call store(credentials:) to persist the credentials for later use.

When credentials are needed, one would call credentials(withScope:callback:) on a CredentialsManager instance, and if the access token is expired the credentials manager is kind enough to renew the token on our behalf, transparently returning brand new credentials, which we then save again using store(credentials:) again.

However, since the credentials are stored onto one key in the keychain, and given the fact that refresh_token is not returned in the response when refreshing the token, the new credentials have no refresh token.

Inside retrieveCredentials(withScope:callback:) of CredentialsManager there is a check to make sure the credentials have a refresh token, if it isn't there then the credentials manager returns a .noRefreshToken error.

At this point in time I must log out and login again.

We think this is an oversight on the CredentialsManager.

I did however want to raise this issue on the chance that I'm not using the SDK as intended. I would greatly appreciate any advice or information on this.

Thank you

So as usual when there is a new release things stop working.

Done a pod update to 1.9

It now complains about

Header 'Auth0-Swift.h' not found

Cannot convert value of type '(_) -> ()' to expected argument type 'SFAuthenticationSession.CompletionHandler' (aka '(Optional, Optional) -> ()')

in SafariAuthenticationSessionCallback.

Any ideas?

Hi 🙂

I am using this library in an iOS App that needs authentication to Firebase with the id_token got by calling FIRAuth.auth()?.signIn(withCustomToken:...)

From what I understood I need to do the following steps in order to get this custom token:

• login to Auth0 with email and password to get the credentials via the Auth0.authentication() .login(...) method
• with the credentials I get the profile via the Auth0.authentication().tokenInfo(...) method
• get the delegation token from the id_token in the profile

But I this library I cannot find any method to get a delegation token. Is this missing or I have misunderstood the logic ?

Thanks a lot 😉

I'm trying to implement renewal via refresh tokens, but I'm getting an error of Unsupported grant type: refresh_token.

I seem to get a valid refresh token back from the login call. But when I try to use it, I get the error above.

Is there another scope I need? Or something I need to adjust in my settings somewhere?

Here is my login code:

authentication.login(usernameOrEmail: username, password: password, multifactorCode: nil, connection: "Username-Password-Authentication", scope: "openid email offline_access", parameters: ["device": UIDevice.current.name]).start { result in
    switch result {
    case .success(let credentials):
        if let idToken = credentials.idToken, let refreshToken = credentials.refreshToken {
            let keychain = KeychainSwift()
            keychain.set(idToken, forKey: "auth0_idToken")
            keychain.set(refreshToken, forKey: "auth0_refreshToken")
        }
    case .failure(let error):
        print("Error: \(error)")
    }
}

And here is my renew code:

guard let refreshToken = keychain.get("auth0_refreshToken") else {
    return
}
authentication.renew(withRefreshToken: refreshToken).start { result in
    switch result {
    case .success(_):
        break
    case .failure(_):
        break
    }
}

Can't implement login via Office 365 when I use purchased connection for my project.

I'm using Auth0.authentication().login method to log-in user into my app but response returns credentials with expiresIn property empty. Now when I try to renew idToken with CredentialsManager.credentials it checks for expiresIn being set and being a future date and always returns .noRefreshToken. Can someone please point me in the right direction for solving this, should expiresIn be set or am I using wrong method?

it's a swift lint violation on enum and switch

log_error.txt

Heyo!!
So, maybe this is related to the confusion around API usage in my previous issue. Could be.

I'm able to successfully create a user using this code:
https://gist.github.com/jyaunches/6ddd423a09b1afa3ad2c0b7d3401d8a2

When I try to then log the user in, the credentials returned don't have an idToken value.

Hi,

We're in a process of migrating our codebase to Swift 3 to support iOS 10. We're are using Auth0 SDK for our iOS, Android & Web-based products. Our codebase migration has hit a deadlock since Auth0 1.0.1-rc.2 for iOS does not support Swift 3. Please update us as soon as possible.

Thanks,
Team Pixerf

I want to be able to add scope to a startPasswordless(phoneNumber) authParams call, similarly to how you have it setup in startPasswordless(email). It's an optional request parameter for the API call: https://auth0.com/docs/api/authentication#get-code-or-link and should be allowed in both phone number and email calls. Can this please be added?

Version:
1.7.1

Description:
UserInfo class does not contain information about user id. I know we can retrieve it by "sub" property, but I think it is more clear if UserInfo object can show "userId" property.
Json object retrieved calling UserInfo API already contains this property: "user_id". It's just matter to parse json object properly

Expectation:
Have userId field available in UserInfo class

When performing a federated logout, SilentSafariViewController dismisses before the federated logout can complete. (tested on iOS 10)

I suspect that SilentSafariViewController successfully loads the Auth0 logout page and its delegate method is called to dismiss the controller before the redirect to the federated logout page can occur.

I verified this by placing an arbitrary delay of 1 second before the call to dismiss SilentSafariViewController. In that case, the federated logout did occur successfully. But this arbitrary delay doesn't seem like the correct solution to this issue.

https://auth0.com/docs/link-accounts#the-api

https://auth0.com/docs/api/v2#!/Users/post_identities

I try to logout using the below code:

var auth0 = Auth0.webAuth()
auth0.clearSession(federated: true) { outcome in
    DispatchQueue.main.async {
        let credentialsManager = CredentialsManager(authentication: Auth0.authentication())
        _ = credentialsManager.clear()
        CredentialsHelper.resetCredentials()
    }
}

After that is executed successfully, I try to login again, I tap on Google authentication, Auth0 won't ask me for credentials and just logs me in.
Another part of the issue (related tho), is that if I deleted the app, and then re-installed it again, how can I clear the IdP values so Google login would ask for credentials again, without using the above method? As that would trigger a webView to appear (on iOS 11 at least) and disappear suddenly for the user after he launches the app for the first time, which is a bad UX.

I'm trying to proceed with simple example downloaded from your site for iOS. Unfortunately, when I login I get Access denied error. Logs show following callback is been called:
auth0.samples.auth0sample://sanjo.eu.auth0.com/ios/auth0.samples.Auth0Sample/callback?error=unauthorized&error_description=Access%20denied.&state=3nDQbr9tNB2gWN5I0Af1sTpCyj0hfawUFmcYPaOOscE

Any help on how to debug this?

I'm pretty sure yesterday I was using a swift-4 branch and things were fine. Today I can't compile the project and the swift 4 branch seems to be gone?

The error I'm getting is:

/Users/niklas/Documents/development/iOS-b2b/Pods/Lock/Lock/DatabaseChangePasswordInteractor.swift:72:14: Value of type 'Authentication' has no member 'changePassword'

When logging to get user credentials, the expiresIn field is nil. All other fields are returned fine.

pod Version: 1.2

Auth0.authentication()
.login(
  usernameOrEmail: "meow",
  password: "meow",
  connection: "Username-Password-Authentication",
  scope: "openid offline_access user_metadata",
  parameters: ["device": "iPhone"]
)
.start() { result in
  switch result {
  case .success(let credentials):
    print("access token: \(credentials.accessToken)")
    print("id token: \(credentials.idToken)")
    print("refresh token: \(credentials.refreshToken)")
    print("expires in: \(credentials.expiresIn)")
  }
}

print output:

access token: Optional("aAaaaAAA")
id token: Optional("aAAsdf.asdfASDa.asdf")
refresh token: Optional("aaaSSsfSSDFSDSFSDFDSFss")
expires in: nil

Am I missing something? Is this the intended behavior?

NOTE: token values in the print output are replaced with dummy values...

Guys I've just updated my pods and got version 1.7.2

Being that is a minor release should not break any thing right(semver)?
In this case is not Auth0 that is breaking is the dependency on cryptoSwift 0.7.0 that is to work with XCode 9 and Swift 4. The error is the same as stated in the cryptoSwift issue #485

Reverted back to 1.7.1 and all was fine.

I'm not sure if this is an issue with the Auth0 library or a misuse/misconfiguration on my part.

When specifying the federated parameter, the Auth0 logout url redirects to the Enterprise Connection (SAML) logout URL for all of my users, not just the SAML users (as I expect). I expect only my SAML users to be redirected to the SAML logout URL.

Using this
keychain.setData(NSKeyedArchiver.archivedDataWithRootObject(profile), forKey: "profile")
from the Auth0 documentation: https://auth0.com/docs/quickstart/native/ios-swift/03-session-handling#validate-an-existent-idtoken

The application is crashing and returning this:
-[A0Profile encodeWithCoder:]: unrecognized selector sent to instance *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[A0Profile encodeWithCoder:]: unrecognized selector sent to instance'

Hello,

I'm trying to refresh credentials using a refresh token. I tried ...

Auth0
    .authentication()
    .renew(withRefreshToken: refreshToken)
    .start { result in
        ...
    }

and the result was Unsupported grant type: refresh_token.

Is this a bug or am I doing something wrong. Thanks!

After adhering to the new Auth0 changes, I am not receiving userMetadata for users created via email.

Facebook auth

    Auth0
        .webAuth()
        .connection("facebook")
        .scope("openid offline_access")
        .parameters(["device": "A_UNIQUE_ID"])
        .start { result in
            DispatchQueue.main.async {
                self.handleAuthResult(result)
            }
    }

Email sign up

Auth0
        .authentication()
        .createUser(
            email: email,
            password: password,
            connection: "Username-Password-Authentication"
        )
        .start { result in
            switch result {
            case .success(_):
                self.performEmailLogin(email, password: password)
            case .failure(let error):
                print("Failed with \(error)")
            }
        }

Email log in

 Auth0
        .authentication()
        .login(
            usernameOrEmail: email,
            password: password,
            realm: "Username-Password-Authentication",
            scope: "openid profile offline_access")
        .start { result in
            DispatchQueue.main.async {
                self.handleAuthResult(result)
            }
    }

I save the user's info via

    Auth0
        .users(token: idToken)
        .patch(profile.id, userMetadata: metadata)
        .start { result in
            switch result {
            case .success(let userInfo):
                print("user: \(userInfo)")
            case .failure(let error):
                print(error)
            }
    }

Whether it's email or facebook user, it returns with .success, and I can see the metadata in userInfo.

Now, if I call

Auth0
        .authentication()
        .userInfo(token: accessToken)
        .start { result in
            switch result {
            case .success(let profile):
                self.profile = profile
            case .failure(let error):
                print("Error: \(error). Invalid accessToken. Checking refresh token.")
            }
    }

If the user is created via facebook, this works fine. If the user is created via email, the userMetadata contains 0 elements..

I think this is a bug, as everything is exactly the same between facebook and email auth, and these methods are as per the doc's guidelines.

After logging in with facebook webAuth, I get credentials, but the refreshToken property is nil. Is this expected behavior?

(Sorry for the poor formatting - couldn't figure out the spacing.)

Auth0.webAuth()
            .connection("facebook")
            .start{ result in
                switch result {
                case .success(let credentials):
                // credentials.refreshToken is nil here
                case .failure(let error):
                    print(error)
                }
        }

Hey! I'm trying to use the iOS swift Custom Login functionality as documented here, but it seems like the callback to the app is not working properly. Sometimes it works, but other times it just hangs on Safari after the login was already successfully made.

From looking at the request logs, it seems like it's a problem related with the state parameter. It looks like the SessionManager is not resetting properly every time we try to do a new login. Is there a way I can either forcefully reset the SessionManager every time or any other solution?

We already tried setting the state ourselves with .state("some-string") to make sure the field is being renewed every login, but even then, it doesn't seem like it uses that state, but it uses the one from the SessionManager..

Any help with this would be greatly appreciated, since right now the system works every 2nd or 3rd time only.

Hello 👋,

I didn't saw a guide on how to contribute or something like that, so sorry in advance if the issue description is not in the best.

Problem

I'm using your framework in a new app that in be released in a near future and i tried to use with the new Xcode 9, which avoid my rage to go up anytime it crashes, but i found that it didn't compile.

What i found

Mostly, it doesn't compiles due to:

Dependencies

Nimble and OHHTPStubs, they are in old versions or specific language versions.
Updating those to the latest released versions fix the compile issue of the dependencies.

SilentSafariViewController

The subclass of SFSafariViewController is using an deprecated convenience init.
Adding a conditional availability on the required init fixes the problem.

if #available(iOS 11.0, *) {
    let configuration: SFSafariViewController.Configuration = {
       $0.entersReaderIfAvailable = false
       return $0
    }(SFSafariViewController.Configuration())
    super.init(url: URL, configuration: configuration)
} else {
    super.init(url: URL, entersReaderIfAvailable: false)
}

I will open a PR with this, feel free to reject it.
It would be really nice if we could use the beta version of xcode 9 to develop, since it brings a few stability improvements, but is a beta tool which you may not want to support until it is released.

🍻

So we found this error while switching over to new dev accounts today.

I read about it here and here. I've updated Auth0 to v1.6.0. I'm registering users via

Auth0
            .authentication()
            .signUp(
                email: email,
                password: password,
                connection: "Username-Password-Authentication"
            )
            .start { result in
                DispatchQueue.main.async {
                    self.handleAuthResult(result)
                }
        }

I tried adding parameters: ["grant_type": "implicit"] (tried multiple grant_types i have enabled) but no success.

What to do?

Hi there,

I want to use link, unlink accounts and support IOS 8 since we have to!
so whats the best way to overcome the auth0 IOS 8 support, could i use rest api's to link, unlink account ?

thanks in advance