ARC on iPad: Apple Authentication and Roon Authentication Disagreement?

What’s happening?

· I'm having trouble with Roon ARC

What best describes your issue with ARC

· I can't log into ARC but I can log into Roon

Describe the issue

The multifactor token is impossible to input when setting up Roon ARC first time. The OSK pops up, but doesn’t allow switching to numerical input.

Describe your network setup


The device in question is an iPad Pro 12.9" 4th Gen, which was set up as a new device.
I tried a few times to initialize RoonARC but was unable to switch to the numerical input.

However, it works fine when i have authenticated with RoonLabs (with the token) to access the community (to register this issue).
The authentication to another service allows some form of “ticket” on the device, which alleviates the need to input the token in RoonARC upon next try.

So, the issue is resolved, but there is some issue in presenting the Safari based MFA with Roon ARC on iPads…

Hi @Mikael_Ollars,

Thank you for sharing the info above! I’ll relay this info to our dev team for further inspection. :pray:

1 Like

Hi @Mikael_Ollars,

Thank you for the thorough report. Additional question - do you have any content blockers installed on iOS in Settings for Safari?

Hi Connor, nope. My iPads are very “clean”, do not use anything other than what iPad OS offers (and i am on the lates version, 17.5.1).

Hi @Mikael_Ollars,

At your convenience, are you able to upload a screen video of the numerical keyboard failure on iOS/iPad? We’re ticketing this for devs but currently unable to reproduce the issue in-house reliably.

Here’s an uploader:

I might be able to do that, but how can i reliably remove the granted “token” for the device in question? Clear Safari cookies?
I can reinstall ARC, no problem, but my MFA t0ken is still present on the device, i suppose?

Alright, i improvised. Went to using Safari and requested logout.
And then removed my ARC app, and reinstalled it again.
And yes, the issue still remains. Is it a language issue perhaps?
I uploaded the video, even though you cannot see that i did repeatedly press the [123]-button on the OSK…

What’s happening?

· Something else

How can we help?

· None of the above

Other options

· Other

Describe the issue

I wanted to authorize a new Roon Core, but it does not accept my credentials, so cannot authorize it?
It say's "Invalid Captcha"

Describe your network setup


This auth was tried on an iPad Pro 12.9" M2 which seem to block redirects and other activites necessary to complete MFA, based on device tokens…

Hi, try clearing the browser cache, this normally helps (and/or disabling any popup blockers).

Thanks for the suggestion Geoff, but i can’t see why this isn’t affecting my login through Safari then?

Still i logged out, through the page in Safari.
Tried authorizing the ROCK based server again, to no avail.
So i once again authorized my device (iPad Pro M2, latest iOS) through and i have no isssues accessing my pages there. I am requested to authorize myself with the token from MFA-function after a logout, so this part seems to work fine.

And afterwards when i retried authorizing the ROCK Core, i get a different view from the auth process:

But i cannot sign in, there is a delay of about 10 seconds, but nothing happens…

I tried the Auth-process for the “new” Roon Core based on a NUC, from my Windows Laptop, and wadda ya know! It worked…
I think his is an issue with iPadOS and maybe regional/language settings.
I see similarities with my error report regarding difficulties in getting to the numerical OSK in Roon ARC, the same type of windows is getting “blocked” by iPadOS there.

It does seem that Apple’s security protection and Roon’s authorisation workflow conflict.

I’ll tag @connor as he looked at that previous issue…

Hi @Mikael_Ollars,

One additional question on this case (we’ve merged reports that we believe are associated):

Do you have Private WiFi toggled on for this iPad? We’re getting a precise sense of conditions.

Nope, no such setting, no VPN, no “protection apps”.
Just basic Apple preferred security, pin/face/touch login whatever the device supports.

Let me be clear that this behaviour of not redirecting from back to the Roon application is present not only in Roon ARC, but also when authorizing another Core (which requires login).
And, the issue persists on my iPad Pro 12.9" M2 as well as the old Pro 12.9" (Gen 4) and my iPad Air M1.

On all occasions where authorization from was required, i had to utilize my Win 11 based laptop, where i am redirected to a big (not a small modal one) browser based auth window, which then redirects me back to the Roon application.

Hi @Mikael_Ollars,

Thanks for the continued patience in troubleshooting :pray:

Could you please reproduce the issue via your iPad, and then please use the directions found here and send over a set of iPad logs to our File Uploader?

Hi Ben, i had some issues reproducing this today.
I tried logging out by the button (furthest down on the page) on through Safari on the iPad Pro 12.9" M2, then Logging out from the Server in Roon Remote app.
I flicked the log-switch in settings and quit all apps on the iPad. And i was confused when i started the Roon Remote app again… It requested a log in, of course, and i was presented with the auth dialogue.
Entered my mail/password using Apple keystore functionality. I was presented with the Token input window, which in Roon Remote presents the native Apple on screen keyboard, with all numericals readily available. Entered my token pin, and wadda ya know? I was returned to the Roon Remote app which accepted my credentials?
I tried a few more times, loging out and auth’ing some RoonOs based core which hasn’t been in use for a while… Sorry, everything worked as expected.

So, finally i grabbed my iPad Air M1 (iPad OS 17.5.1) and logged out through as well as through Roon Remote.
And, hey, here i was able to recreate the issue…
For some reason, my MFA ticket seems to be valid on the Air, so i only authorized using Apple Keystore credentials (no MFA Token requested).
Pressing “Sign In” only shows the spinning doughnut for a few seconds, but i am am unable to be redirected back with an auth ticket…

Logs uploaded for this particular session as requested.

1 Like

Hi @Mikael_Ollars,

Thanks for the fresh report and logs! Our dev team will be taking a more thorough look for additional clues.

A follow-up question for you:

Do you recall which Roon Server machine the iPad was previous synced/connected with prior to you replicating the issue? The windows 11 or your ROCK?

Based on the logs you sent, it appears that you were attempting to sync with your windows 11 server, correct?

Did you by chance have both servers running and connected to your network?

Both servers were running alright, and i really cannot say which one was active before i logged out of the ROCK.
Pretty sure both StreacomFC10 and Roon Optimized Core Kit was available from the core selection screen thoug, and when i selected the ROCK device (from which i “logged out of” previously) i was presented with the Auth-window.