Android React not authenticated after returning to app
Checklist
- [X] I have looked into the Readme (React/Angular/Vue) and have not found a suitable solution or answer.
- [X] I have searched the issues and have not found a suitable solution or answer.
- [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the Auth0 Code of Conduct.
Description
I have downloaded the sample for React and tested using an Android device.
Clicking login correctly loads the Auth0 login page in a browser and after entering credentials the user is taken back to the app, however they're still not authenticated.
Clicking login a second time redirects to Auth0, which immediately redirects back to the app, but the app still shows the user as unauthenticated.
Reproduction
- Download sample with Auth0 account logged in
- Add allowed URLs to Auth0 application settings
- Complete npm install etc instructions
- Open app in Android Studio and generate app package
- Deploy to device (I'm using real devices via lambda test)
- Login
Additional context
No response
Sample
React
Platform
Android
Platform version(s)
13
Figured this out. The instructions specify to set Allowed origins and by default there is a property named Allowed web origins in the Auth0 Application settings.
However in addition to this Cross-Origin Authentication needs to be switched on and the following domains added to Allowed Origins (CORS)
capacitor://localhost, http://localhost, http://localhost:3000/, https://localhost
If you don't do this the following error will appear in the logs.
Origin https://localhost is not allowed. Behavior used for check: LEGACY
The documentation could be updated to make this clearer.
Doing this above also allowed my login to work on iOS. Definitely a missing piece in the documentation.
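A way to check the fix described in the comments above, as an added example that is not code from the thread or from Auth0: it extracts every origin rejected in the quoted log error and reports which ones are absent from the Allowed Origins (CORS) field. The function names, the shorter sample field and the second log line are constructed, and exact matching on scheme, host and port is an assumption about how the field is compared.

```javascript
// Added example. Sample values are constructed from the strings quoted in this thread.

// Reduce a configured entry or a logged origin to scheme://host[:port].
// URL.origin is "null" for non-special schemes such as capacitor:, so build it by hand.
function normalizeOrigin(value) {
  const u = new URL(value.trim());
  return `${u.protocol}//${u.host}`.toLowerCase();
}

// Parse the comma-separated Allowed Origins (CORS) field into a set of origins.
// Trailing slashes and paths are dropped, so "http://localhost:3000/" counts as an origin.
function parseAllowedOrigins(field) {
  return new Set(
    field.split(",").map((s) => s.trim()).filter(Boolean).map(normalizeOrigin)
  );
}

// Pull every rejected origin out of log text containing the error quoted above.
function rejectedOrigins(logText) {
  const re = /Origin (\S+) is not allowed/g;
  return [...logText.matchAll(re)].map((m) => normalizeOrigin(m[1]));
}

// Origins seen in the log that the configured field does not cover
// (assumption: exact match on scheme, host and port).
function missingOrigins(field, logText) {
  const allowed = parseAllowedOrigins(field);
  return [...new Set(rejectedOrigins(logText))].filter((o) => !allowed.has(o));
}

// Constructed: a field that only covers the web origins.
const partialField = "http://localhost, http://localhost:3000/";
// The list given in the comment above.
const fullField =
  "capacitor://localhost, http://localhost, http://localhost:3000/, https://localhost";
const sampleLog = [
  "Origin https://localhost is not allowed. Behavior used for check: LEGACY",
  // Constructed line for the capacitor:// origin named in the list above.
  "Origin capacitor://localhost is not allowed. Behavior used for check: LEGACY",
].join("\n");

console.log("missing with partial field:", missingOrigins(partialField, sampleLog));
console.log("missing with full field:", missingOrigins(fullField, sampleLog));
```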
I am facing the same issue. Did you find any solution? Here is a detailed comment I made here: https://community.auth0.com/t/ionic-react-capacitor-useauth0-works-on-web-but-native-build-returns-no-user-or-isauthenticated/192911/9
Issue Summary
The problem is the same as that open issue on GitHub, but the provided answers are not related to it at all — it has nothing to do with localhost origins. I have already added all possible configurations and testing setups.
Detailed Findings
As mentioned earlier, everything works perfectly on Android mobile browsers and even inside WebView.
However, in the native app, the issue appears:
The user is successfully authenticated the first time they log in.
In the default demo app, there’s a condition:
if (isAuthenticated) show Logout button else show Login button
Because of this check, it may seem like the user is not logged in, but actually he is logged in.
To confirm, I removed the condition and displayed both buttons.
When I press “Logout” and then “Login” again, it redirects me to the Auth0 login page, and I can log in normally — but the values like user and isAuthenticated never update in the native build.
Reproduction
You can verify this yourself:
Download the official demo.
Build and run it as per the documentation of the quick start demo in the Auth0 dashboard.
You’ll see that user and isAuthenticated do not update in the native environment (I mean in the real app), even though login works.
Current Understanding
This appears to be an open problem — as of now, there doesn’t seem to be a direct solution for native apps.
Possible Workaround (Idea)
If there’s an API available (not sure if Auth0 exposes one for this), we could:
Use a useEffect hook in each page to fetch data like the user each time after login via an API call. We also need to pull the tokens and store them in a state.
In every API request, use an Axios interceptor to:
Verify if the access token or refresh token is valid.
Update a local state in the app accordingly. Because without an isAuthenticated value, we can’t do anything; we have to use this for many things, like logging out the user based on this.
However, doing all this manually defeats the main purpose of Auth0, which is to handle the authentication flow automatically and reduce such manual work.
Conclusion
Everything works fine on the web.
The issue only persists on native apps.
This behaviour should be reviewed, as it’s currently breaking the basic Auth0 use case on mobile apps.