
I am working on an iOS app which provides "Login with Google" functionality utilising OAuth 2.0 and external web pages. The same login functionality is provided to an Android application where it works without an issue. However, on the iOS app the user is left hanging on the 2FA page and this is happening most of the time but not always. Occasionally, the login succeeds. The steps are the following:

  1. The user opens the iOS app and selects "Sign in"
  2. A Web view is opened hosting an in-app Safari browser and the login screen is loaded via an iFrame
  3. The user chooses "Login with Google"
  4. The user is redirected to Google
  5. The user enters username and password
  6. The user goes to the 2FA sign in screen (still hosted by Google) and is asked to acknowledge via any Google application on the phone (YouTube/Google/Gmail)
  7. The user goes to the other application and acknowledges with "Yes, it's me"
  8. The user goes back to the app where he remains on the 2FA screen

It is important to note that if step 6 is confirmed with Authenticator or SMS input, the 2FA does not get stuck.

When the control for the login is redirected to Google, a callback URL (on server-side) is provided. It appears that the callback URL is never being called by Google when the process fails. If the user attempts to log in again by closing the iFrame and opening it again, then the user is not being asked for a password and 2FA is not required. It appears that the actual login in Google has succeeded, but only the callback is never being actually called.

The same app on Android does not experience the issue. Also, it is confirmed that the iOS login worked fine on iOS 16.5 but is failing (intermittently) on the latest 16.5.1.

Has anyone experienced a similar issue?

Expected that the 2FA sign in with Google will work but it fails intermittently.
