ASWebAuthenticationSession cookie

Can I use ASWebAuthenticationSession to open content web pages (essentially not login form)? Will my app be rejected during review? Example: I have authentication SSO (Single Sign On) flow already configured and working for several web pages (on several domains). SSO flow uses cookie to keep/track authenticated user state. I want to show to user web page in authenticated state. I'm thinking of such implementation: Use ASWebAuthenticationSession to navigate user to login form -> user enters his credentials -> login success (identity issuer creates authentication cookie) -> use ASWebAuthenticationSession to navigate user to target content page (account settings or something)

Hello everyone, In my application, i have implemented authentication using ASWebauthenticationSession. However, when redirecting the user to a WKWebView, no cookies are shared, causing the session to be lost and requiring the user to log in again. Is there a way to share cookies between the two? If not, what would be the best approach to set up authentication that ensures SSO when switching to a WebView ? Thank you very much for your help !

We use ASWebAuthenticationSession in our app to perform SAML auth on iOS devices. It works fine with Safari. However, if we config other browsers, such as Chrome, as a default browser on iOS device, ASWebAuthenticationSession still load Safari in embedded window and auth cookies is only stored in Safari. Can ASWebAuthenticationSession work with default browser on iOS similar as it works on MacOS? Thanks, Ying

Is it possible to control the modal window's styling displayed when using ASWebAuthenticationSession? We would like to display a full-screen & change the color of the header bar to match the iOS app. Is this possible to do? https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession

I added an ASWebAuthenticationSession to iOS app due to receiving message A valid client certificate is required from URL requests. It opens Safari, the user selects their certificate and the web server authenticates. I get a successfull callback URL on the iOS app. I was under the impression, after the web session was started, I could run GET resquests using URLSession. However, I am receiving the same message that it needs a valid certificate. I am pretty new to iOS development. Any suggestions? Thanks!

Hello, Apple Team. In our iOS app, we are planning to use ASWebAuthenticationSession for cookie sharing with Safari App for single sign on. Normal steps we can think of are as follows: Start ASWebAuthenticationSession. Alert dialog shows up for user permission. If the user permits, web browser shows up. A certain our web page which set cookies is loaded, and immedeiately redirect to ASWebAuthenticationSession's callbackURLScheme url without user operation. ASWebAuthenticationSession's web browser dismissed. In this case, user does nothing on the web brwoser. So if the web browser does not appear on screen, we think user experience is much better. We find out that ASWebAuthenticationSession's web browser view controller can be hidden by using presentationAnchor(for:) method of ASWebAuthenticationPresentationContextProviding protocol. In this case, only alert dialog for user permission shows up. This is very good UX for our app. But we've found foll

If my app utilizes ASWebAuthenticationSession or SFSafariViewController, do I need to add all potential tracking domains that users may access within the session? There is virtually no way to limit the URLs or domains that users can access within the ASWebAuthenticationSession or SFSafariViewController, so how can I know all the potential domains?

Hi everyone, I am trying to authenticate an user through ASWebAuthenticationSession, and after that redirect to an URL that uses the callback scheme. The authentication page URL is correctly loaded on a browser thanks to ASWebAuthenticationPresentationContextProviding. But after form completed and authentication successfully, what I am doing is a redirect directly from my server to http://localhost:5000/ios/hola?hola=hola I am trying to catch this URL using a callbackScheme in my iOS app, using the same url that the one which I redirected the browser to, but this is not working. I also tried to create a Scheme URL to my identifier, and pass it to the callbackScheme, but this is not working either. Documentation is not very clear at how to manage the authentication callback and as a beginner I don't know the way to solve this. Some help would be appreciated. Thank you for your time! PD: This is the code of my class @available(iOS 12.0, *) class AuthView: UIViewController { var authSession: ASWebAuthenticationSession

I'm using ASWebAuthenticationSession using Authorization Code Flow. In this flow I get a code token back from ASWebAuthenticationSession that I exchange for access and refresh tokens from my server. I store those in KeyChain. This works fine, but the problem is when I want to log out and log in with a different account.Logging out is two steps:1. Throw away my keychain tokens2. Call ASWebAuthenticationSession to logout from the servers.The second step has a strange user experience though, as it will ask concent for logging _in_! If I skip this step, and try logging in again using ASWebAuthenticationSession, it will not show the web view unless enough time has passed since the previous login.So, I was thinking that most users don't login and logout often so I could check if enough time passed since the login and then skip step 2. Not good, but still an improvement.Does anyone know how long that timeout is? I tested and it seems it may be one hour. Perhaps it's some kind of cookie

We are experiencing an issue with session sharing on iOS and would appreciate your guidance. We operate and control our own OpenID Connect (OIDC) server. Our iOS application uses ASWebAuthenticationSession to authenticate users. We're unable to get the authentication session to be shared between the Safari app and the app's ASWebAuthenticationSession. This results in users having to re-authenticate despite being logged in via Safari. We've attempted various configurations related to cookie SameSite settings. These adjustments resolved the session sharing issue on Android using Chrome Custom Tabs. However, no changes we've tried have enabled session sharing to work as expected on iOS. According to documentation from Apple, Microsoft, Okta, and Auth0, session sharing between Safari and ASWebAuthenticationSession should work. Question: Are there any additional settings, configurations, or platform limitations we should be aware of that could impact session sharing on iOS? Wher

Hi all; I'm trying to implement ASWebAuthenticationSession on MacOS. The application must be able to open the default browser to interact with the IdP. The implemented code is basic, since what I am trying to understand is how to configure the framework to be able to open the system browser. Based on the documentation I observe this: A browser loads and displays the page, from which the user can authenticate. In iOS, the browser is a secure, embedded web view. In macOS, the system opens the user’s default browser if it supports web authentication sessions, or Safari otherwise. That is, it implies that this would be valid only for iOS, since a view is required where the content can be anchored. With which my understanding is that for MacOS that is not necessary, since the system browser is used. However, when I try to compile the base example, Xcode throws the following message: _Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=2 Cannot start ASWebAuthenticationSession wi

Is is possible to use the camera in ASWebAuthenticationSession? We want to support signing in with a QR Code in our custom OAuth flow but the browser can't seem to access the camera.