Overview

When integrating Single Sign-On (SSO) in your iOS application using WorkOS, you may encounter an error stating, "The endpoint only accepts POST requests. Received a GET request." This typically occurs when the application fails to send the expected POST request during the authentication process.

Problem Description

In a scenario where users can log in via Microsoft accounts, the SSO process works seamlessly in Safari but fails in the app, resulting in the aforementioned error after entering the password. This issue can arise due to improper handling of the authentication flow within the app.

Key Observations

  • No request is sent after the password is entered, indicating a potential issue with the app's network handling.
  • Ensure that all necessary domains are included in the WKAppBoundDomains list in your app's Info.plist file.
  • Clearing cookies may not resolve the issue, so consider other aspects of your app's configuration.
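One way to check the WKAppBoundDomains point above before shipping a build. This is an added example, not code from the original page or from WorkOS. The Info.plist content, the host names and the function names are constructed placeholders, and the matching rule (an entry covers its own host and subdomains, and entries are bare host names) is an assumption to confirm against your WebKit configuration.

```python
import plistlib

MAX_ENTRIES = 10  # WebKit accepts at most 10 WKAppBoundDomains entries

# Constructed sample Info.plist; every domain here is a placeholder.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>WKAppBoundDomains</key>
    <array>
        <string>app.example.com</string>
        <string>https://idp.example.net/login</string>
    </array>
</dict>
</plist>"""

# Hosts the in-app SSO flow passes through (assumed for illustration):
# your app, the SSO broker, and the identity provider's login pages.
SSO_FLOW_HOSTS = ["app.example.com", "sso.example.org", "idp.example.net"]


def is_covered(host, entries):
    # Assumption: an entry covers that host and its subdomains.
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in entries)


def audit_app_bound_domains(plist_bytes, flow_hosts):
    info = plistlib.loads(plist_bytes)
    raw = info.get("WKAppBoundDomains", [])
    # Assumption: entries are bare host names, so a scheme, path or port
    # in an entry means it will not match the host it was meant to cover.
    malformed = [e for e in raw if not e.strip() or any(c in e for c in "/:")]
    entries = [e.strip().lower() for e in raw if e not in malformed]
    return {
        "key_present": "WKAppBoundDomains" in info,
        "malformed": malformed,
        "over_limit": len(raw) > MAX_ENTRIES,
        "missing": [h for h in flow_hosts if not is_covered(h, entries)],
    }


if __name__ == "__main__":
    report = audit_app_bound_domains(SAMPLE_INFO_PLIST, SSO_FLOW_HOSTS)
    for name, value in report.items():
        print(f"{name}: {value}")
```

A non-empty `missing` or `malformed` list means at least one hop of the login redirect chain is not covered by the app's bound domains.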

WorkOS Configuration Example

To facilitate SSO login using WorkOS, ensure your implementation follows the correct structure. Below is a sample code snippet demonstrating how to set up the SSO login process:

public async Task<SystemMessage> SsoLoginAsync(string email)
{
    // Set the API key for WorkOS
    WorkOS.WorkOS.SetApiKey(_settings.WorkOsApiKey);
    SSOService ssoService = new();

    // Retrieve the user from the database
    ApplicationUser user = await _db.Users
        .Include(o => o.Client)
        .Where(o => o.Email == email && o.IsActive)
        .FirstOrDefaultAsync();

    // Check if the user exists
    if (user == null) {
        return Notification.ErrorMessage("Could not Authenticate");
    }

    // Get the organization ID for SSO
    string orgId = user.Client?.SsoOrganizationId;
    if (orgId == null) {
        return Notification.ErrorMessage("Could not Authenticate");
    }

    // Prepare the authorization URL options
    GetAuthorizationURLOptions options = new()
    {
        ClientId = _settings.WorkOsClientId,
        Organization = orgId,
        RedirectURI = _settings.BaseUrl + "login?fromSso=true"
    };

    // Generate the SSO URL
    string ssoUrl = ssoService.GetAuthorizationURL(options);

    return Notification.SuccessMessage(
        "",
        value: new { ssoUrl, email },
        showSystemMessage: false
    );
}

Conclusion

By ensuring that your app correctly handles the SSO authentication flow and adheres to the required POST request format, you can resolve the login issues encountered in your iOS application. Always verify your configuration settings and test the authentication flow thoroughly to ensure a smooth user experience.