A class that manages sharing a one-time web service login, along with cookies and website data, between Safari and an app, which can also be used for automatic login for other associated apps.
- iOS 11.0+Beta
The two cases where you would use SFAuthenticationSession are:
Logging in to a third party's service using an authentication protocol (e.g. OAuth). This option works well for social network applications.
Providing a single sign-on (SSO) experience for applications. This option works well for enterprise companies that have many applications installed on the same device.
If an application uses SFAuthenticationSession, users are prompted by a dialog to give explicit consent, allowing the application to access the website's data in Safari. When the webpage is presented, it runs in a separate process, so the user and web service are guaranteed that the app has no way to gain access to the user’s credentials. Instead, the app gets a unique authentication token.
Then, SFAuthenticationSession has a simple completion handler that’s called when the session completes. After instantiating SFAuthenticationSession, use the start method to show the consent dialog. If the user consents, the session will begin. If at any time you wants to stop the session, call cancel to dismiss the consent dialog or dismiss the webpage. When the session is dismissed, the completion handler is called. Then, the web service redirects to the expected URL, which contains the unique authentication token. A user can decide not to log in to the session either when they are prompted with the consent dialog or after this when they’re viewing the login page. In both cases, the completion handler will be called with the error SFAuthenticationErrorCanceledLogin.
The dismiss button in SFAuthenticationSession always says Cancel. Applications can’t add their own UIActivities to the Share Sheet or exclude items from the Share Sheet. However, the Share Sheet can still be used, in case the user needs a password manager to log in; additionally, it excludes items that could prevent login.