"Session authorization failed." - Passbolt iOS app

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

I am unable to login to Passbolt v1.14.4 using iOS 16.5.1 (iPhone 13 mini).
After scanning the QR code for Mobile setup in the web browser, entering my Passphrase into the Passbolt iOS app I receive the following error message “Session authorization failed.” and fails to login/ask for MFA. This is happening for other users in the organisation. I have tried uninstalling the app without any luck.

I can login successfully to Passbolt 1.14.1 using Android 13 (Pixel 6a) so it appears to be an issue with iOS app?

Please help! :grinning:

Hi @sneaker-net if by chance you are using Duo as a sole MFA provider, it is a blocking feature at the moment for iOS app access.

ref: Mention current lack of DUO support on mobile app by garrettboone · Pull Request #85 · passbolt/passbolt_help · GitHub

Hi @garrett DUO is disabled in the admininstration tab for all users.

However “Time-based One Time Password” & “Yubikey” are enabled for everyone to use and are both currently active for myself.

I have tried disabling both for myself with no luck, still receiving “Session authorization failed.

Hello @sneaker-net !

Only DUO is problematic at the moment, other MFA should be okay (still deactivating them to test is a good idea to make sure it was the origin of the problem or not).

So, the problem is coming from somewhere else. One error could be the time synchronisation, so you can first check if your phone time has time sync done automatically ( https://support.apple.com/en-us/HT203483#:~:text=On%20your%20iPhone%20or%20iPad&text=Turn%20on%20Set%20Automatically%20in%20Settings%20>%20General%20>%20Date%20%26%20Time. )

Also, if it doesn’t help could share the application logs please? This will give a better insight of what’s happening. There is the procedure to get the logs here Passbolt Help | iOS / Android Mobile FAQ in the section “How to get logs ?”.

Passbolt:
Device: iPhone iPhone
OS: 16.5.1
App: 1.14.4
----------
[2023-06-30 07:34:33] Initializing the app...
[2023-06-30 07:34:34] ...app initialization completed!
[2023-06-30 10:59:41] Verifying data integrity...
[2023-06-30 10:59:41] ...data integrity verification finished
[2023-06-30 10:59:41] Fetching server configuration...
[2023-06-30 10:59:41] ...server configuration fetching skipped!
[2023-06-30 10:59:41] [F411444C-BA6C-43DF-95A6-F1940506A683] HTTP GET /lookup
[2023-06-30 10:59:41] [F411444C-BA6C-43DF-95A6-F1940506A683] HTTP 200 /lookup
[2023-06-30 10:59:41] [27F6C780-C454-46FA-A66A-70096C070032] HTTP GET /avatars/view/1a69feaa-c07a-4019-8acb-65b16a5b52a1/medium.jpg
[2023-06-30 10:59:42] [27F6C780-C454-46FA-A66A-70096C070032] HTTP 200 /avatars/view/1a69feaa-c07a-4019-8acb-65b16a5b52a1/medium.jpg
[2023-06-30 10:59:58] Beginning authorization...
[2023-06-30 10:59:58] ...creating new access token...
[2023-06-30 10:59:58] ...fetching server public RSA key...
[2023-06-30 10:59:58] ...fetching server public PGP key...
[2023-06-30 10:59:58] [00686B3A-AAAC-4346-9798-D053B6335F26] HTTP GET /auth/jwt/rsa.json
[2023-06-30 10:59:58] [C43F4E4E-E88C-4F76-82A0-F5FBB6A5FCA1] HTTP GET /auth/verify.json
[2023-06-30 10:59:58] [00686B3A-AAAC-4346-9798-D053B6335F26] HTTP 200 /auth/jwt/rsa.json
[2023-06-30 10:59:58] [C43F4E4E-E88C-4F76-82A0-F5FBB6A5FCA1] HTTP 200 /auth/verify.json
[2023-06-30 10:59:58] ...verifying server public PGP key...
[2023-06-30 10:59:58] ...preparing authorization challenge...
[2023-06-30 10:59:58] [6A2B7B73-7F1C-4AA7-8021-617E888A8035] HTTP POST /auth/jwt/login.json
[2023-06-30 10:59:59] [6A2B7B73-7F1C-4AA7-8021-617E888A8035] HTTP 200 /auth/jwt/login.json
[2023-06-30 10:59:59] Access token signature verification failed
[2023-06-30 10:59:59] ...authorization failed!
[2023-06-30 10:59:59] Access token signature verification failed

Has anyone else tested this?

According to your logs, it looks like the data required to do the checks is available. So I wonder, if you had the chance to take a look at time synchronisation.

The time syncronisation is setup correctly, always has been. Still receiving same error on Passbolt v1.14.4 using iOS 16.6 (iPhone 13 mini).

we’re having the same problem with IOS 16.x (iphone 12 prm, iphone 12, iphone 13 prm)

@S0n98 welcome to the forum! Could you also follow the above troubleshooting steps and collect the logs? This is just to be sure that it is actually the same issue and not just the same error message

@clayton Thank you for your reply, our android devices work well but all the IOS devices we had are showing the same logs and error message Session authorization failed. Of course we’ve checked the time sync and it’s correct, if the time is not sync the error message will be different.

Passbolt:
Device: iPhone iPhone
OS: 16.6
App: 1.14.4
----------
[2023-08-15 03:49:46] Initializing the app...
[2023-08-15 03:49:46] ...app initialization completed!
[2023-08-15 03:49:46] Verifying data integrity...
[2023-08-15 03:49:46] ...data integrity verification finished
[2023-08-15 03:49:46] Fetching server configuration...
[2023-08-15 03:49:46] ...server configuration fetching skipped!
[2023-08-15 03:49:47] [7EDDE387-327A-442F-BAB9-EE36653D85C9] HTTP GET /lookup
[2023-08-15 03:49:47] [7EDDE387-327A-442F-BAB9-EE36653D85C9] HTTP 200 /lookup
[2023-08-15 03:49:47] [7FC6B04E-5A98-4492-A0BC-8279BE316970] HTTP GET /img/avatar/user_medium.png
[2023-08-15 03:49:47] [7FC6B04E-5A98-4492-A0BC-8279BE316970] HTTP 200 /img/avatar/user_medium.png
[2023-08-15 03:49:53] Beginning authorization...
[2023-08-15 03:49:54] ...creating new access token...
[2023-08-15 03:49:54] ...fetching server public PGP key...
[2023-08-15 03:49:54] ...fetching server public RSA key...
[2023-08-15 03:49:54] [D923E524-A063-4E10-8FE9-C6818F296687] HTTP GET /auth/jwt/rsa.json
[2023-08-15 03:49:54] [913481CD-02E2-4513-BE61-0414658E1B52] HTTP GET /auth/verify.json
[2023-08-15 03:49:54] [913481CD-02E2-4513-BE61-0414658E1B52] HTTP 200 /auth/verify.json
[2023-08-15 03:49:54] ...verifying server public PGP key...
[2023-08-15 03:49:54] [D923E524-A063-4E10-8FE9-C6818F296687] HTTP 200 /auth/jwt/rsa.json
[2023-08-15 03:49:54] ...preparing authorization challenge...
[2023-08-15 03:49:54] [4044EA8A-CA91-46BA-AE77-677ACB5420D1] HTTP POST /auth/jwt/login.json
[2023-08-15 03:49:55] [4044EA8A-CA91-46BA-AE77-677ACB5420D1] HTTP 200 /auth/jwt/login.json
[2023-08-15 03:49:55] Access token signature verification failed
[2023-08-15 03:49:55] ...authorization failed!
[2023-08-15 03:49:55] Access token signature verification failed

Oh finally, found out that helm chart gen the jwt.pem doesn’t match with the jwt.key, somehow. I have created those keys manually and uploaded to k8s, now everything work fine.

1 Like

This was the solution to my original post Passbolt helm chart issue with ios app - #3 by samuelcolacchia :partying_face: