A class that manages sharing a one-time login between Safari and an app, which can also be used for automatic login for associated apps.
- iOS 11.0+
Along with the login, this class manages sharing cookies and website data.
The two cases where you would use
Logging in to a third party's service using an authentication protocol (e.g. OAuth). This option works well for social network applications.
Providing a single sign-on (SSO) experience for applications. This option works well for enterprise companies that have many applications installed on the same device.
If an application uses
SFAuthentication, users are prompted by a dialog to give explicit consent, allowing the application to access the website's data in Safari. When the webpage is presented, it runs in a separate process, so the user and web service are guaranteed that the app has no way to gain access to the user’s credentials. Instead, the app gets a unique authentication token.
SFAuthentication has a simple completion handler that’s called when the session completes. After instantiating
SFAuthentication, use the start method to show the consent dialog. If the user consents, the session will begin. If at any time you wants to stop the session, call cancel to dismiss the consent dialog or dismiss the webpage. When the session is dismissed, the completion handler is called. Then, the web service redirects to the expected URL, which contains the unique authentication token. A user can decide not to log in to the session either when they are prompted with the consent dialog or after this when they’re viewing the login page. In both cases, the completion handler will be called with the error
The dismiss button in
SFAuthentication always says Cancel. Applications can’t add their own UIActivities to the Share Sheet or exclude items from the Share Sheet. However, the Share Sheet can still be used, in case the user needs a password manager to log in; additionally, it excludes items that could prevent login.