Steps to reproduce
- Use Element X iOS 26.05.3 with a self-hosted Matrix server using MAS/OAuth.
- Homeserver:
<redacted self-hosted homeserver>
- Server stack:
- Synapse 1.153.0
- Matrix Authentication Service 1.17.0
- Element Web behind the same domain
- In Element X, choose the homeserver and continue with the MAS/OAuth login flow.
- The web authentication sheet loads the MAS login page, but the login does not complete and Element X shows the same generic error as before.
Outcome
What did you expect?
Element X should complete the MAS/OAuth login flow, exchange the authorization code, and create a new Matrix device for the iPhone.
What happened instead?
From the server side, the Element X login starts correctly but never progresses past the MAS login page. No iPhone access token or Synapse device is created.
Element Web on the same Mac/browser and same account works successfully against the same MAS/Synapse server, including the consent step and /oauth2/token exchange.
Server-side evidence
Relevant MAS/Synapse events from the failed Element X attempt:
2026-06-01T00:12:25Z GET /_matrix/client/v3/login 200
User-Agent: Element X/26.05.3 (iPhone 16 Pro Max; iOS 26.5; Scale/3.00)
2026-06-01T00:12:27Z POST /oauth2/registration 201
Client registration:
redirect_uris: ["https://element.io/oauth/ios/io.element.elementx"]
application_type: "native"
client_name: "Element X"
2026-06-01T00:12:29Z GET /authorize 303
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Mobile/15E148 Safari/604.1
2026-06-01T00:12:29Z GET /login 200
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Mobile/15E148 Safari/604.1
After that there is no iPhone POST /login, no /consent, no /oauth2/token, and no new Synapse device for the account.
The MAS authorization grant row for this attempt remains unfulfilled and unexchanged:
client_name: Element X
application_type: native
redirect_uri: https://element.io/oauth/ios/io.element.elementx
fulfilled_at: NULL
exchanged_at: NULL
For comparison, a successful Element Web login immediately before/after the iPhone attempt creates the expected MAS session, token exchange and Synapse device.
Server checks already verified
/.well-known/matrix/client advertises MAS via org.matrix.msc2965.authentication/.well-known/openid-configuration returns 200/_matrix/client/versions returns 200 and includes sliding sync support/_matrix/client/v3/login returns password + OAuth-aware flows- MAS doctor reports the client well-known and homeserver checks as valid
- Password login and Element Web OAuth login work for the same account
Suspected area
This looks related to the iOS ASWebAuthenticationSession / MAS web-auth flow rather than the homeserver itself. Element X starts OAuth and MAS serves /login, but the app never reaches the point where credentials are posted or a callback/token exchange is completed.
Relevant code paths appear to be:
AppSettings.oAuthRedirectURLOAuthAuthenticationPresenter.authenticate(using:)ASWebAuthenticationSession(url:callback:)
At minimum, it would help if Element X surfaced the exact ASWebAuthenticationSession error/cancellation reason instead of a generic error, because the server side only shows the flow stopping after GET /login.
Phone model
iPhone 16 Pro Max
Operating system version
iOS 26.5 according to Element X user agent
Application version
Element X 26.05.3
Homeserver
Will you send logs?
Server-side MAS/Synapse logs are included above. App-side logs can be provided if there are instructions for extracting them from Element X after this failure.
Steps to reproduce
<redacted self-hosted homeserver>Outcome
What did you expect?
Element X should complete the MAS/OAuth login flow, exchange the authorization code, and create a new Matrix device for the iPhone.
What happened instead?
From the server side, the Element X login starts correctly but never progresses past the MAS login page. No iPhone access token or Synapse device is created.
Element Web on the same Mac/browser and same account works successfully against the same MAS/Synapse server, including the consent step and
/oauth2/tokenexchange.Server-side evidence
Relevant MAS/Synapse events from the failed Element X attempt:
After that there is no iPhone
POST /login, no/consent, no/oauth2/token, and no new Synapse device for the account.The MAS authorization grant row for this attempt remains unfulfilled and unexchanged:
For comparison, a successful Element Web login immediately before/after the iPhone attempt creates the expected MAS session, token exchange and Synapse device.
Server checks already verified
/.well-known/matrix/clientadvertises MAS viaorg.matrix.msc2965.authentication/.well-known/openid-configurationreturns 200/_matrix/client/versionsreturns 200 and includes sliding sync support/_matrix/client/v3/loginreturns password + OAuth-aware flowsSuspected area
This looks related to the iOS
ASWebAuthenticationSession/ MAS web-auth flow rather than the homeserver itself. Element X starts OAuth and MAS serves/login, but the app never reaches the point where credentials are posted or a callback/token exchange is completed.Relevant code paths appear to be:
AppSettings.oAuthRedirectURLOAuthAuthenticationPresenter.authenticate(using:)ASWebAuthenticationSession(url:callback:)At minimum, it would help if Element X surfaced the exact
ASWebAuthenticationSessionerror/cancellation reason instead of a generic error, because the server side only shows the flow stopping afterGET /login.Phone model
iPhone 16 Pro Max
Operating system version
iOS 26.5 according to Element X user agent
Application version
Element X 26.05.3
Homeserver
Will you send logs?
Server-side MAS/Synapse logs are included above. App-side logs can be provided if there are instructions for extracting them from Element X after this failure.