iOS app frequent logouts due to auth failure "Not in trusted_networks"

Hi all

I recently got a new iPad mini (wifi only) and noticed that the HA app kept logging out and I’d get a error is HA saying there had been multiple failed login attempts from 127.0.0.1. I’ve tried both the the latest release and the beta release of the iOS companion app and both behave the same. I use the Android companion app on multiple devices daily and have no issues there so I suspect this is related to iOS/the iOS companion app.

My setup is as follows

http:
  server_port: 80
  ip_ban_enabled: true
  login_attempts_threshold: 3
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.10.2
  
homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.10.0/24
        - 10.99.99.0/24
    - type: homeassistant
  external_url: "https://homeassistant.<<my_public_domain>>"

HA internal and external URL’s from the iPad

2024-11-01 19:07:30.079 [Verbose] [main] [OnboardingScanningViewController.swift:230] tableView(_:didSelectRowAt:) > Selected row at 0 DiscoveredHomeAssistant(uuid: Optional("3357baf88fbe470c9c21e5c291922182"), version: 2024.10.4, internalOrExternalURL: http://192.168.10.225, externalURL: Optional(https://homeassistant.<<my_public_domain>>), internalURL: Optional(http://192.168.10.225), locationName: "Home", bonjourName: Optional("Home"))

Yes, the iPad is definitely in the trusted network subnet. I’ve even turned off some of Apple’s privacy features to rule out some variables.

unnamed848×2179 134 KB

Here is a combination of the logs from the iOS companion app on the iPad and Home Assistant. It looks like the app token is expiring and then it says it isn’t in a trusted network to refresh the token.

First successful login

2024-11-01 19:07:30.106 [Verbose] [main] [OnboardingAuthLogin.swift:18] open(authDetails:sender:) > http://192.168.10.225/auth/authorize?response_type=code&client_id=https://home-assistant.io/iOS&redirect_uri=homeassistant://auth-callback


Next login attempt

2024-11-02 08:29:52.708 [Info] > Home Assistant Version: 2024.9.4 Build: 2024.905 PID: 4334

2024-11-02 08:29:55.43 - Fail2Ban(?) logs from HA - banned 127.0.0.1 

2024-11-02 08:29:54.369 [Verbose] [main] [WebViewController.swift:924] userContentController(_:didReceive:) > getExternalAuth called, forced: false
2024-11-02 08:29:54.369 [Info] [main] [TokenManager.swift:88] authDictionaryForWebView(forceRefresh:) > using existing token
2024-11-02 08:29:54.369 [Error] [main] [TokenManager.swift:116] currentToken > Token -7646083403945500367 is expired by 46342 seconds
2024-11-02 08:29:54.369 [Info] [main] [TokenManager.swift:131] refreshToken() > using cached refreshToken promise
2024-11-02 08:29:54.420 [Info] [refresh-promise-cache-mutex] [TokenManager.swift:141] refreshToken() > reset cached refreshToken promise
2024-11-02 08:29:54.420 [Error] [main] [TokenManager.swift:146] refreshToken() > refresh token got error: responseValidationFailed(reason: Alamofire.AFError.ResponseValidationFailureReason.customValidationFailed(error: Shared.AuthenticationAPI.AuthenticationError.serverError(statusCode: 403, errorCode: Optional("access_denied"), error: Optional("Not in trusted_networks"))))
2024-11-02 08:29:54.421 [Verbose] [main] [Realm+Initialization.swift:95] getRealm(objectTypes:) > Current schema version 28
2024-11-02 08:29:54.421 [Verbose] [main] [Realm+Initialization.swift:100] getRealm(objectTypes:) > Schema version defined: 28
2024-11-02 08:29:54.421 [Info] [main] [ClientEventStore.swift:8] ClientEventStore > networkRequest: Refresh token is invalid, showing onboarding ["error": serverError(statusCode: 403, errorCode: Optional("access_denied"), error: Optional("Not in trusted_networks"))]

Next successful login 

2024-11-02 08:31:32.984 [Verbose] [main] [OnboardingAuthLogin.swift:18] open(authDetails:sender:) > http://192.168.10.225/auth/authorize?response_type=code&client_id=https://home-assistant.io/iOS&redirect_uri=homeassistant://auth-callback

It looks like a few others have had the same issue but there hasn’t been a clear resolution.

• Daily log off and issues with IOS companion app - #6 by ultimate-tester
• iPad logging out constantly - #11 by remsta
• Login attempt failed from iOS device - #57 by cug
• https://www.reddit.com/r/homeassistant/comments/1d90d81/constant_logging_out_of_mobile_app/
• Frequent failed login attempts from already logged in app · Issue #2486 · home-assistant/iOS · GitHub
• Error on iPhone - #9 by Gingerfox

Any suggestions/guidelines about what to do next?