I'm using Auth0 to authenticate my users and then ...
# gooddata-platform
I'm using Auth0 to authenticate my users and then embed GoodData. In order to log users into GoodData, I use the relaystate redirect. It works great, except on mobile phones where it doesn't seem to work. The iframe is blank... it's as if the redirect is blocked. Have you ever seen this before? Here is my iframe code (with identifiers blocked out). Again, this iframe code works fine when my product is viewed on desktop. It doesn't work on mobile.
Hi Mitchel, to be honest, I’ve never come across this.. Are you able to reproduce it on your mobile device? Which mobile browser is used?
Yeah, very strange, right? It occurs on my iphone in both Safari and Chrome
But it works in Chrome on my macbook just fine. Same exact code
And if I change the url to just be the embed URL without the redirect, it works fine on mobile.
and are third party cookies allowed on mobile browsers?
So if I do the redirect outside of the iFrame (i.e. redirect the user through Auth0 and then have them land on the page with the iframe), it works fine on mobile. If that makes sense...
🤔 can you please copy paste the iframe code here (with placeholders instead of identifiers)
I’m thinking, maybe the auth and redirect succeeds but then mobile browser has issues with iframe width and height and has trouble rendering it
Meanwhile, this works fine on mobile: <iframe src="https://analysis.mydataist.com/dashboards/embedded/#/workspace/[workspace_id}?showNavigation=true&excludeObjectsWithTags=[hide]" height="100%" width="100%" frameborder="0" /iframe In this scenario, I do the redirect outside the iFrame to make sure the user is authenticated. But it leads to a weird user-experience where the user ends up on the page and then has to be redirected, so the page essentially refreshes awkwardly. It does work though, and is the solution I have in place currently.
I recommend to check
Allow Cross-Website Tracking
if it is enabled in mobile browser. Then content of the
needs to be properly URL encoded. The only odd thing I can see that is this part
where I believe it should be encoded as
(not sure if it’s just a copy/paste typo though).. If it doesn’t work, I would try to fiddle around with iframe size to see if it helps. If it doesn’t help, I recommend to check with Auth0 support/community.
Yeah, nobody seems to have noticed this issue. I've scoured Auth0's discussion boards with no luck. And yes, it is formatted as workspace%2F[workspace_id}. Human error on my part when obfuscating the ID here in Slack. The issue with Allow Cross-Website Tracking is that I cannot guarantee my clients will know to do this, and it is clearly not the default setting in mobile browsers. That's why I've moved the redirect out the iFrame for now -- even if it means the user's page has to awkwardly refresh.
Just following up on this. I disabled 3rd party cookies on my desktop (since that seems to be how things will work moving forward... at least in Chrome), and the iframe stopped working on my desktop as well. I've moved the redirect out of the iframe moving forward.