Learn how Password AutoFill interacts with both iOS and web apps.
Password AutoFill works with your app during a few key events, including when:
Your app first installs on a device.
The user selects a text input view in your app.
The user taps on an AutoFill item from the QuickType bar.
When your app installs on an iOS device, the system attempts to associate the app with all the domains listed in the app’s
Associated Domains Entitlement:
The system takes each domain from the
Associated Domains Entitlement.
It tries to download the Apple App Site Association file (
apple-app-site-association)for that domain.
If all the steps succeed, the system associates the app with that domain, and enables Password AutoFill for that domain’s credentials.
User Selects a Supported Input Field
When the user selects a supported input view or HTML input element, Password AutoFill displays the QuickType bar above the keyboard and populates it with relevant options for the given field.
If you haven’t tagged the input field, the system uses heuristics to identify the view’s type and determine if it is supported. Password AutoFill supports input views and HTML input elements for user names, existing passwords, new passwords, and security codes.
User Names and Passwords
The QuickType bar only appears if the user has at least one password saved on the iOS device and the Keychain AutoFill setting is enabled. The key icon gives users access to all the credentials saved on the device, while the QuickType bar includes any credentials for your associated domains.
The system suggests a strong, unique password in apps that have an associated domain. It also saves any new credentials. To set up associated domains, see Setting Up an App’s Associated Domains.
If your website has specific password rules, you can define valid password formats by setting the text view’s
password property. This property takes a
UIText objects, which contains a rules descriptor string.
In iOS 12, the
password property is supported only on
UIText objects, and the text field’s
is property must be set to
true. The API is ignored if it is adopted on any other views.
For more information on the format of rules descriptors, see Customizing Password AutoFill Rules.
If the system can parse a security code from an SMS message, the QuickType bar shows the code for up to three minutes after it has been received. If a security code arrives while the text input view is selected, the system pushes the incoming code to the QuickType bar.
To test the format of your SMS code for different languages, text a message to yourself. If you receive a message with an underlined security code, tap on the code. If a Copy Code option appears, the system has recognized your code.
User Taps on an AutoFill Item
When users select an item from the QuickType bar, the system asks them to authenticate using Face ID or Touch ID. Your app becomes inactive when Face ID or Touch ID appears, triggering your app delegate’s
Don’t remove your user interface when these methods are called. If you do, the system won’t be able to autocomplete your input views.
As soon as the user authenticates successfully, the system changes the first responder to the views to be autocompleted—even if the app prevents changes to the first responder normally. The system then fills in all the relevant views.
Notifications are sent after the text changes. You can use these notifications to validate the information and update the form’s user interface—for example, by enabling the login button once the user name and password views are filled.
For iOS apps, the system always sends a
text notification when a view has been modified. It also calls one of the delegate methods of the view—but the exact method depends on the view’s type:
UIText: The system calls your
Field(_: should Change Characters In: replacement String:)