iOS Obj-C presentEndSessionRequest callback not getting called

[mjswan]

Describe the bug
When using iOS Objective-C presentEndSessionRequest, one of the parameters is 'callback'. However, even though the call seems to succeed (the OAuth credentials are reset) and the annoying 'Sign In' alert appears (#643), the callback doesn't get called.

Expected behavior
I expect the callback to be called. ;-)

Smartphone

• Device: iPhone 8 although with the Xcode simulator I've tried other iPhone versions
• OS: 15.4 (and others)
• Browser: the OAuth flow appears to use Safari

Here is the code I'm using in case it helps, where logoutRedirectURL is obfuscated. I've tried with and without the additionalParameters.

#define logoutRedirectURL @"com.mydomain.mobile:/logout"

        NSString *issuerURL = [[NSString stringWithString:currentAccount.serverName] lowercaseString];
        NSURL *url = [NSURL URLWithString:issuerURL];
        issuerURL = [NSString stringWithFormat:@"%@/auth/realms/%@", issuerURL, url.host];
        NSURL *issuer = [NSURL URLWithString:issuerURL];
        
        [OIDAuthorizationService discoverServiceConfigurationForIssuer:issuer
            completion:^(OIDServiceConfiguration *_Nullable configuration, NSError *_Nullable error) {
            if (configuration) {
                // build end session request
                NSURL *redirectURL = [NSURL URLWithString:logoutRedirectURL];
                NSDictionary *additionalParameters = [NSDictionary dictionaryWithObjects:[NSArray arrayWithObjects:logoutRedirectURL, currentAccount.idToken, nil]
                    forKeys:[NSArray arrayWithObjects:@"post_logout_redirect_uri", @"id_token_hint", nil]];
                
                OIDEndSessionRequest *request = [[OIDEndSessionRequest alloc] initWithConfiguration:configuration idTokenHint:currentAccount.idToken postLogoutRedirectURL:redirectURL
                    additionalParameters:additionalParameters];
                OIDExternalUserAgentIOS *agent = [[OIDExternalUserAgentIOS alloc] initWithPresentingViewController:self];
                [OIDAuthorizationService presentEndSessionRequest:request externalUserAgent:agent callback:^(OIDEndSessionResponse * _Nullable endSessionResponse, NSError * _Nullable error) {
                    // note: this callback never seems to happen...
                    if (endSessionResponse) {
                    } else {
                        VLog(@"endSession error: %@", [error localizedDescription]);
                    }
                }];
            }
        }];

[petea]

Can you verify that your app is receiving the custom URL scheme redirect via the application:openURL:options: delegate and that resumeExternalUserAgentFlowWithURL: is being called?

[mjswan]

No, application:openURL:options: is not being called at any time.

BTW, when calling authStateByPresentingAuthorizationRequest, its callback is called and the token information is correct.

[petea]

Check that your postLogoutRedirectURL is correct and that your app is registered to respond it its custom URL scheme.

Not sure why you would need the additionalParameters.

[asutah]

Same problem I am facing in my project recently. But earlier it was working. Facing issue only in safari browser.
At the time login call back function not calling and taking maximum time loading in browser.
Please make this issue as a high priority.

[arindam94]

Facing same problem in safari browser ios -15 os.
Not calling call back function. pls help asap

[Sandy417]

We are facing a similar problem.
from the mobile app, Safari browser is loaded with SSO URL and the control is not coming back to the native app and keeps on showing loading indicator.

[petea]

@asutah @arindam94 @Sandy417 are you using presentEndSessionRequest as well? Can you tell me which IDP you're working with?

[mjswan]

Can you verify that your app is receiving the custom URL scheme redirect via the application:openURL:options: delegate and that resumeExternalUserAgentFlowWithURL: is being called?

I did find one problem: the redirect URL I was using was an unusual format (it had periods in it). Once I took the periods out of it and used 'xcrun' from the Mac OS CLI (e.g. xcrun simctl openurl booted myredirecturl), then application:openURL:options: got called.

However, neither 'application:openURL:options:' nor the presentEndSessionRequest callback is getting called when executing presentEndSessionRequest, which is my original problem.

[arindam94]

@petea
We are using Appauth for SSO and we used custom browser (mobile iron Web@work) its working but in safari we are facing these issue. whereas its not callback to the actual application. Which used to work before for years like these.
please check on safari browser. I

[Sandy417]

Can you verify that your app is receiving the custom URL scheme redirect via the application:openURL:options: delegate and that resumeExternalUserAgentFlowWithURL: is being called? ---- No, we are not receiving this callback

And this issue is happening in safari

@petea @mjswan

[Sandy417]

Can you please let us now the possible reasons for not receiving a callback in safari.

We tried in a different browser and it is working fine.

@petea

[Mkalla]

Facing the same issues:

• application:openURL:options: delegate is not called.
• app and OIDC provider is correctly setup with custom URL schemes
• callback not being fired

[nnordling]

We faced a similar issue where we couldn't log out despite using correct redirect uri, endpoint etc. What solved it for us was assigning presentEndSessionRequest to a variable. I haven't figured why it works, or if it's the correct way, but it somehow works. ¯_(ツ)_/¯

Example (in Swift)
private let userAgentSession: OIDExternalUserAgentSession?
init() { userAgentSession = nil }
self.userAgentSession = OIDAuthorizationService.present(endSessionsRequest,...)

[mjswan]

@nnordling -- Thank you for your reply. I can confirm that assigning the return from presentEndSessionRequest to a variable does indeed cause the callback to be called when using Safari.