iOS Custom Sign-In fails with 'unsupported URL'

After creating a new user in Okta, we are unable to sign in: “Sign in was not authorized”, with an inner exception indicating “Authorization Error: unsupported URL”.

I’ve verified that calls to /authn succeed and return a session token, and the subsequent call to /authorize returns a 302, but the iOS native module throws an error and does not resolve tokens.

The Android native module appears to work as expected and resolves tokens.

Environment

Okta SDK: 3.10.6
iOS version: 14.7.1
Xcode Version: 12.5.1
OS: Big Sur 11.5.2

Hello Ram,
Is the Custom Sign-In App the Okta custom sign-in sample application or your own?

If it is your own are you doing a native login or using browser sign-in?
If the redirectURI is incorrect, that is not the error I receive, nor is that the error I get if I set the wrong URL for my Okta Org when creating the OktaOidc instance. Can you supply the configuration file (Okta.plist) you are using and, if you are doing a browser sign-in, the Info.plist as well? Additionally, if you could supply the Okta calls you are making, that would be helpful as well.

Thanks,

Hi Erik,

Thanks for the reply.

Yes, it’s our own and we are doing native login. Here are the native Okta calls:

OktaAuthSdk.authenticate(with: URL(string: urlString)!, username: username, password: password) { (status) in
    var odClient: OktaOidc!
    do {
        odClient = try OktaOidc.init()
    } catch {
        print("something wrong")
    }
    let successStatus = status as! OktaAuthStatusSuccess
    odClient.authenticate(withSessionToken: successStatus.sessionToken!) { (odManager, error) in
        self.removeLoadingOverlay()
        if let err = error {
            let alert = UIAlertController(title: "Alert", message: err.localizedDescription, preferredStyle: .alert)
            alert.addAction(UIAlertAction.defaultOK())
            alert.display()
        } else if let manager = odManager {
            manager.writeToSecureStorage()
            // Perform login
            self.performLogin(with: Credentials(account: self.usernameField.text!, hashedPassword: manager.accessToken!))
        }
    }
} onError: { (error) in
    self.removeLoadingOverlay()
    let alert = UIAlertController(title: "Alert", message: error.description, preferredStyle: .alert)
    alert.addAction(UIAlertAction.defaultOK())
    alert.display()
}

Okta plist details

Let me know if you need anything else.

Thanks.

Hi Ram,

Do you know exactly where in your code the error is thrown? You stated earlier that you see the authn and then the /authorize returns a 302.

let successStatus = status as! OktaAuthStatusSuccess

Can you print successStatus and verify it?

Hi Erik,

Here is the successStatus response.

.authenticate(user,pwd) api response.
{
  "status": "SUCCESS",
  "sessionToken": "201114c-v5vcdyVPQ1b-zrTEAelATRUCeK5jHOL0TtYO-xxxxxx_O9I",
  "expiresAt": "2021-09-15T06:53:54.000Z",
  "_links": {
    "cancel": {
      "hints": {
        "allow": [
          "POST"
        ]
      },
      "href": "https://dev-xxxxxx.okta.com/api/v1/authn/cancel"
    }
  },
  "_embedded": {
    "user": {
      "id": "00u4f2ysfxxxxxxxxxxx",
      "passwordChanged": 652875428,
      "profile": {
        "firstName": "xxxxxx",
        "login": "xxxxxxxxx@xxxx.com",
        "lastName": "xxxxx",
        "locale": "en",
        "timeZone": "America/Los_Angeles"
      }
    }
  }
}

and error on .authenticate(sessionToken) is

Task <C2032A20-0B07-42CE-8D78-CF9F44EDDCFC>.<2> finished with error [-1002] Error Domain=NSURLErrorDomain Code=-1002 "unsupported URL" UserInfo={NSLocalizedDescription=unsupported URL, NSErrorFailingURLStringKey=com.okta.dev-xxxxx:/callback?code=umsvEmdYHugsXc6QjqtynBDcugPUIWZfYgUgxbPlRmM&state=dVSb5UP01DhhhBouvPRbFeigxGJPA79ANtYKEdOceJQ, NSErrorFailingURLKey=com.okta.dev-xxxxxx:/callback?code=umsvEmdYHugsXc6QjqtynBDcugPUIWZfYgUgxbPlRmM&state=dVSb5UP01DhhhBouvPRbFeigxGJPA79ANtYKEdOceJQ, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <C2032A20-0B07-42CE-8D78-CF9F44EDDCFC>.<2>",
"LocalDataTask <4C03190E-8088-4C5C-B71C-764D0796DCAC>.<1>"), _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <C2032A20-0B07-42CE-8D78-CF9F44EDDCFC>.<2>, NSUnderlyingError=0x28264fc90 {Error Domain=kCFErrorDomainCFNetwork Code=-1002 "(null)"}}

One thing I need to tell you here: once the error has occurred, we are unable to log in with new or existing user details. If we kill the app and relaunch, then we are able to log in.
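The log above shows URLSession failing on the redirect URI itself (`com.okta.dev-xxxxx:/callback?code=…&state=…`), which is where the 302 from /authorize points. As an added example (not code from this thread or from the Okta SDK), one way a native client can stop at that redirect, check `state`, and read `code` instead of loading the URL; the class name `CallbackInterceptor` and the sample scheme, code and state values are assumptions constructed for illustration.

```swift
import Foundation

/// Hypothetical helper (not part of the Okta SDK): stops URLSession from
/// following the 302 from /authorize once it points at the app's redirect URI.
final class CallbackInterceptor: NSObject, URLSessionTaskDelegate {
    private let redirectScheme: String   // e.g. "com.okta.dev-example" (constructed)
    private let expectedState: String    // state value sent with the /authorize request
    private(set) var authorizationCode: String?

    init(redirectScheme: String, expectedState: String) {
        self.redirectScheme = redirectScheme.lowercased()
        self.expectedState = expectedState
    }

    func urlSession(_ session: URLSession,
                    task: URLSessionTask,
                    willPerformHTTPRedirection response: HTTPURLResponse,
                    newRequest request: URLRequest,
                    completionHandler: @escaping (URLRequest?) -> Void) {
        guard let url = request.url,
              url.scheme?.lowercased() == redirectScheme else {
            completionHandler(request)   // ordinary http(s) hop: keep following
            return
        }
        // Custom-scheme callback: URLSession cannot load it, so read the
        // query here and stop. The code is accepted only if state matches.
        authorizationCode = Self.code(from: url, expectedState: expectedState)
        completionHandler(nil)           // nil = do not follow the redirect
    }

    /// Returns the `code` parameter only when `state` equals the expected value.
    static func code(from url: URL, expectedState: String) -> String? {
        let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems ?? []
        guard items.first(where: { $0.name == "state" })?.value == expectedState else {
            return nil
        }
        return items.first(where: { $0.name == "code" })?.value
    }
}

// Constructed callback URL in the shape of the failing URL from the log above.
let sample = URL(string: "com.okta.dev-example:/callback?code=CONSTRUCTED_CODE&state=CONSTRUCTED_STATE")!
print(CallbackInterceptor.code(from: sample, expectedState: "CONSTRUCTED_STATE") ?? "rejected")
print(CallbackInterceptor.code(from: sample, expectedState: "some-other-state") ?? "rejected")
```

If anything else in the app replaces or wraps the session's delegate, this callback is never reached and URLSession goes on to load the custom-scheme URL, producing error -1002.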

It may be that you need to register a custom URL scheme for your application like you do if using a browser login, but I didn’t think you should need to. I don’t need to for a native sign-in. See the bottom of our browser sample.

What type of iOS device or simulator are you using? This isn’t a desktop application is it?

Yes, it’s not a desktop application. We tested on most of the iOS devices (iPhone 7, X, 11 and 12).

Are you testing the Okta custom sample application https://github.com/okta/samples-ios/tree/master/custom-sign-in or is this your own application?
If it is your own can you test the sample and see if you see the same results. I just installed okta-oidc-sdk 3.10.6 but am still unable to reproduce with the custom sample app.

Creating a new user is not done from the device; we just collect the data and send it to the server. The server team does the Okta registration and gets back with the response. In this case Android is working as expected, whereas iOS is not.

There was one report of something similar with iOS. In that case the Okta react-native SDK was also being used, but it sounds like a possible culprit could have been having a debugger open.

I am not sure how easy it would be for you to share a reproducible application with us?
It would still be helpful to see if you see the same issue with our sample app https://github.com/okta/samples-ios/tree/master/custom-sign-in

To troubleshoot further it would be helpful to look at your Org logs as well. If you do not want to share the Org URL in the forum could you open a case with the support team so we can collect that information.

I am testing my app on an iPad Pro latest version running iOS 13.4. I have masked the key here but the URL is proper in my actual code.
