"Session authorization failed." - Passbolt iOS app

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

I am unable to login to Passbolt v1.14.4 using iOS 16.5.1 (iPhone 13 mini).
After scanning the QR code for Mobile setup in the web browser and entering my passphrase into the Passbolt iOS app, I receive the error message “Session authorization failed.” and the app fails to log in/ask for MFA. This is happening for other users in the organisation. I have tried uninstalling the app without any luck.

I can log in successfully to Passbolt 1.14.1 using Android 13 (Pixel 6a), so it appears to be an issue with the iOS app?

Please help! :grinning:

Hi @sneaker-net if by chance you are using Duo as a sole MFA provider, it is a blocking feature at the moment for iOS app access.

ref: Mention current lack of DUO support on mobile app by garrettboone · Pull Request #85 · passbolt/passbolt_help · GitHub

Hi @garrett, DUO is disabled in the administration tab for all users.

However “Time-based One Time Password” & “Yubikey” are enabled for everyone to use and are both currently active for myself.

I have tried disabling both for myself with no luck, still receiving “Session authorization failed.”

Hello @sneaker-net !

Only DUO is problematic at the moment, other MFA should be okay (still deactivating them to test is a good idea to make sure it was the origin of the problem or not).

So, the problem is coming from somewhere else. One error could be the time synchronisation, so you can first check if your phone time has time sync done automatically ( https://support.apple.com/en-us/HT203483#:~:text=On%20your%20iPhone%20or%20iPad&text=Turn%20on%20Set%20Automatically%20in%20Settings%20>%20General%20>%20Date%20%26%20Time. )

Also, if it doesn’t help, could you share the application logs please? This will give a better insight into what’s happening. The procedure to get the logs is here: Passbolt Help | iOS / Android Mobile FAQ, in the section “How to get logs ?”.

Passbolt:
Device: iPhone iPhone
OS: 16.5.1
App: 1.14.4
----------
[2023-06-30 07:34:33] Initializing the app...
[2023-06-30 07:34:34] ...app initialization completed!
[2023-06-30 10:59:41] Verifying data integrity...
[2023-06-30 10:59:41] ...data integrity verification finished
[2023-06-30 10:59:41] Fetching server configuration...
[2023-06-30 10:59:41] ...server configuration fetching skipped!
[2023-06-30 10:59:41] [F411444C-BA6C-43DF-95A6-F1940506A683] HTTP GET /lookup
[2023-06-30 10:59:41] [F411444C-BA6C-43DF-95A6-F1940506A683] HTTP 200 /lookup
[2023-06-30 10:59:41] [27F6C780-C454-46FA-A66A-70096C070032] HTTP GET /avatars/view/1a69feaa-c07a-4019-8acb-65b16a5b52a1/medium.jpg
[2023-06-30 10:59:42] [27F6C780-C454-46FA-A66A-70096C070032] HTTP 200 /avatars/view/1a69feaa-c07a-4019-8acb-65b16a5b52a1/medium.jpg
[2023-06-30 10:59:58] Beginning authorization...
[2023-06-30 10:59:58] ...creating new access token...
[2023-06-30 10:59:58] ...fetching server public RSA key...
[2023-06-30 10:59:58] ...fetching server public PGP key...
[2023-06-30 10:59:58] [00686B3A-AAAC-4346-9798-D053B6335F26] HTTP GET /auth/jwt/rsa.json
[2023-06-30 10:59:58] [C43F4E4E-E88C-4F76-82A0-F5FBB6A5FCA1] HTTP GET /auth/verify.json
[2023-06-30 10:59:58] [00686B3A-AAAC-4346-9798-D053B6335F26] HTTP 200 /auth/jwt/rsa.json
[2023-06-30 10:59:58] [C43F4E4E-E88C-4F76-82A0-F5FBB6A5FCA1] HTTP 200 /auth/verify.json
[2023-06-30 10:59:58] ...verifying server public PGP key...
[2023-06-30 10:59:58] ...preparing authorization challenge...
[2023-06-30 10:59:58] [6A2B7B73-7F1C-4AA7-8021-617E888A8035] HTTP POST /auth/jwt/login.json
[2023-06-30 10:59:59] [6A2B7B73-7F1C-4AA7-8021-617E888A8035] HTTP 200 /auth/jwt/login.json
[2023-06-30 10:59:59] Access token signature verification failed
[2023-06-30 10:59:59] ...authorization failed!
[2023-06-30 10:59:59] Access token signature verification failed

Has anyone else tested this?

According to your logs, it looks like the data required to do the checks is available. So I wonder if you had the chance to take a look at time synchronisation.

The time synchronisation is set up correctly, always has been. Still receiving the same error on Passbolt v1.14.4 using iOS 16.6 (iPhone 13 mini).

We’re having the same problem with iOS 16.x (iPhone 12 prm, iPhone 12, iPhone 13 prm).

@S0n98 welcome to the forum! Could you also follow the above troubleshooting steps and collect the logs? This is just to be sure that it is actually the same issue and not just the same error message

@clayton Thank you for your reply. Our Android devices work well, but all the iOS devices we had are showing the same logs and the error message “Session authorization failed.” Of course we’ve checked the time sync and it’s correct; if the time is not in sync, the error message will be different.

Passbolt:
Device: iPhone iPhone
OS: 16.6
App: 1.14.4
----------
[2023-08-15 03:49:46] Initializing the app...
[2023-08-15 03:49:46] ...app initialization completed!
[2023-08-15 03:49:46] Verifying data integrity...
[2023-08-15 03:49:46] ...data integrity verification finished
[2023-08-15 03:49:46] Fetching server configuration...
[2023-08-15 03:49:46] ...server configuration fetching skipped!
[2023-08-15 03:49:47] [7EDDE387-327A-442F-BAB9-EE36653D85C9] HTTP GET /lookup
[2023-08-15 03:49:47] [7EDDE387-327A-442F-BAB9-EE36653D85C9] HTTP 200 /lookup
[2023-08-15 03:49:47] [7FC6B04E-5A98-4492-A0BC-8279BE316970] HTTP GET /img/avatar/user_medium.png
[2023-08-15 03:49:47] [7FC6B04E-5A98-4492-A0BC-8279BE316970] HTTP 200 /img/avatar/user_medium.png
[2023-08-15 03:49:53] Beginning authorization...
[2023-08-15 03:49:54] ...creating new access token...
[2023-08-15 03:49:54] ...fetching server public PGP key...
[2023-08-15 03:49:54] ...fetching server public RSA key...
[2023-08-15 03:49:54] [D923E524-A063-4E10-8FE9-C6818F296687] HTTP GET /auth/jwt/rsa.json
[2023-08-15 03:49:54] [913481CD-02E2-4513-BE61-0414658E1B52] HTTP GET /auth/verify.json
[2023-08-15 03:49:54] [913481CD-02E2-4513-BE61-0414658E1B52] HTTP 200 /auth/verify.json
[2023-08-15 03:49:54] ...verifying server public PGP key...
[2023-08-15 03:49:54] [D923E524-A063-4E10-8FE9-C6818F296687] HTTP 200 /auth/jwt/rsa.json
[2023-08-15 03:49:54] ...preparing authorization challenge...
[2023-08-15 03:49:54] [4044EA8A-CA91-46BA-AE77-677ACB5420D1] HTTP POST /auth/jwt/login.json
[2023-08-15 03:49:55] [4044EA8A-CA91-46BA-AE77-677ACB5420D1] HTTP 200 /auth/jwt/login.json
[2023-08-15 03:49:55] Access token signature verification failed
[2023-08-15 03:49:55] ...authorization failed!
[2023-08-15 03:49:55] Access token signature verification failed

Oh finally, found out that the jwt.pem generated by the helm chart doesn’t match the jwt.key, somehow. I have created those keys manually and uploaded them to k8s, and now everything works fine.

This was the solution to my original post Passbolt helm chart issue with ios app - #3 by samuelcolacchia :partying_face:
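
The cause found in the last posts was a jwt.pem that is not the public half of jwt.key. As an added example (not from the thread or from the Passbolt project), this script uses openssl to check whether two such files form a pair; the function names are hypothetical, and the RSA SHA-256 sign/verify round trip is an assumption standing in for the token signature check that failed in the logs.

```shell
#!/bin/sh
# Added example: confirm that a JWT public key file (jwt.pem) belongs to a
# JWT private key file (jwt.key). Function names are hypothetical.

# Return 0 if the public key derived from $1 equals the key stored in $2,
# 1 if they differ, 2 if either file cannot be parsed.
jwt_keypair_matches() {
    # -passin pass: makes an encrypted key fail instead of prompting.
    derived=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    # Re-encode the published key so formatting differences do not matter.
    published=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 2
    [ "$derived" = "$published" ]
}

# Sign a constructed message with $1 and verify it with $2, the same kind of
# check a client performs on a token. Returns 0 verified, 1 verification
# failed, 2 signing not possible.
jwt_sign_verify_roundtrip() {
    sig=$(mktemp) || return 2
    msg='constructed.signing-input'   # constructed sample, not a real token
    rc=0
    printf '%s' "$msg" |
        openssl dgst -sha256 -sign "$1" -out "$sig" 2>/dev/null || rc=2
    if [ "$rc" -eq 0 ]; then
        printf '%s' "$msg" |
            openssl dgst -sha256 -verify "$2" -signature "$sig" \
                >/dev/null 2>&1 || rc=1
    fi
    rm -f "$sig"
    return "$rc"
}

# Command-line use: sh check_jwt_keys.sh jwt.key jwt.pem
if [ "$#" -eq 2 ]; then
    rc=0
    jwt_keypair_matches "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: $2 is the public key of $1" ;;
        1) echo "MISMATCH: $2 was not derived from $1" ;;
        *) echo "ERROR: could not read $1 or $2" ;;
    esac
fi
```

On a Kubernetes deployment, the two files have to be extracted from wherever the chart stores them before running the check.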