Cookie sharing between ASWebAuthenticationSession and Safari (ios)

I'm currently trying to add an OIDC connection to an iOS application. I'm using AppAuth, which will use ASWebAuthenticationSession (because we're targeting recent versions of iOS).

We have a login web page that will write a cookie. We'd like this cookie to be shared between the application (using ASWebAuthenticationSession) and the system browser (Safari) so that the user can be recognized and avoid having to log in again.

The web page writes a permanent cookie (with an expiry date) and the iOS application uses ASWebAuthenticationSession. And I did not set prefersEphemeralSession to true.

So we should be OK with the documentation (SFSafariViewController no longer shares cookies, and session cookies are not shared between ASWebAuthenticationSession and Safari).

It should work, if I understand the documentation correctly. Did I miss a point? Or is it a known problem?

I also tried to create a simple web page that read and write a cookie to do dome tests.

function writeCookie() {
    var value = "something";
    var maxAge = "max-age=" + (365 * 24 * 60 * 60);
    var expiration = new Date();
    expiration.setTime(expiration.getTime() + (365 * 24 * 60 * 60 * 1000));
    var expires = "expires=" + expiration.toUTCString(); 
    var sameSite = "SameSite=None";
    var secure = ";Secure";
    document.cookie = cookieName + "=" + value + ";" + maxAge + ";path=/;" + sameSite + secure;
}

function readCookie() {
    var cookies = document.cookie.split(';');
    var value = "";
    for (var i = 0; i < cookies.length; i++) {
        var cookie = cookies[i].trim();
        if (cookie.indexOf(cookieName) == 0) {
            value = cookie.substring(cookieName.length + 1, cookie.length);
            break;
        }
    }
    if (value !== "") {
        alert("Cookie value : " + value);
    }
}

And iOS code:

        currentAuthorizationFlow = OIDAuthState.authState(byPresenting: request, presenting: viewController) { authState, error in
          if let authState = authState {
              print("Authorization succeed")
              self.authState = authState
              if let accessToken = authState.lastTokenResponse?.accessToken, let idToken = authState.lastTokenResponse?.idToken {
                  completion(.success(TokenResponse(accessToken: accessToken, idToken: idToken)))
                  return
              }
            }
            self.authState = nil
            completion(.failure(error))
        }
Up vote post of jochocto Down vote post of jochocto
169 views
Posted by
jochocto
Reply
Add a Comment