ASWebAuthenticationSession cookie

Dev environment: MacbookPro, Ventura 13.0.1 XCode 14.1 I’m implementing a feature for an existing MacOS application, which will allow users to launch zoom meetings from the application, and am trying to use ASWebAuthenticationSession to implement OAuth2. I’ve confirmed that universal links are correctly configured and working for the app (which is using an https-based redirect URI). In my app delegate, I’ve implemented the following for universal links: - (BOOL)application:(NSApplication *)application continueUserActivity:(NSUserActivity *)userActivity restorationHandler:(void (^)(NSArray> *restorableObjects))restorationHandler { if ([userActivity.activityType isEqualToString: NSUserActivityTypeBrowsingWeb]) { NSURL *url = userActivity.webpageURL; if ([url.path containsString:[NSString stringWithStdString:Zoom::kFragment]]) { std::string urlStr((url.absoluteString).stdString); //DBG DialogFactory::GetInstance()->Message(Universal links handler - AppDelegate: Handling response: + urlStr); //DBG

Hello, I have encountered an issue with an iPhone 15PM with iOS 18.5. The NSHTTPCookieStorage failed to clear cookies, after clearing them, I was still able to retrieve them. However, on the same system NSHTTPCookie *cookie; NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage]; for (cookie in [storage cookies]) { [storage deleteCookie:cookie]; } NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:[[self url] absoluteURL]]; // still able to get cookies,why???

I am currently implementing an authentication function using ASWebAuthenticationSession to log in with my Instagram account. I set a custom scheme for the callbackURLScheme, but In the Instagram redirect URL I was told I can't use a custom scheme. What should I do with the callbackURLScheme of the ASWebAuthenticationSession in this case?

Hey, I have a question regarding WKWebView. Under Sharing Cookie Storage section in HTTPCookieStorage's documentation it says that Each WKWebView instance has its own cookie storage. (WKHTTPCookieStore). So it looks to me as HTTPCookieStorage.shared instance and default() WKWebsiteDataStore aren't supposed to be connected in any way. But after some testing I see that it's not working as I expect it to. I'm loading webpage with WKWebView, and then i can see cookies from that page in my HTTPCookieStorage shared instance. Can someone explain to me why is that?

Hi all! Right now I'm trying to implement the SSO (single sign-on) feature for my applications. I have the common-auth domain and a couple of apps (domain AAA and domain BBB). While I'm in domain AAA I sign in with the common-auth domain and got an access token (JWT) as a cookie. Then I continue interactions with the AAA domain. After that, I open the domain BBB in a new tab. The application automatically makes a query to the common-auth server. I expect that the access token cookie, which I got from AAA, will be added to the query. But it's not. I can't fully understand why it's not working. Everything is fin in Chrome, IE, and Firefox. Obviously, there are some restrictions with cookies in Safari. But I'm just a backend developer and right now feel a bit frustrated. How can I bypass that problem? What parameters should I add to the cookie to handle cookie sharing? Would be appreciated any advice or links to docs. PS. I won't use cookies for tracking or f

We are getting the cookie from server side when user will do the login successful. Cookie store into app browser. This cookie need to clear when user will do the logout app. We are using the Cordova framework to create the iOS application. In Cordova i have used plugin to clear the cookie. But in iOS device not able to clear the app browser cookie. And in android device same Cordova plugin is working fine. Why the iOS device not able to clear the cookie using Cordova plugin? Plugin name - https://github.com/Cartegraph/cordova-cookie-master Kindly help me out with the solutions.

I found that the page gets stuck after completing face authentication when using ASWebAuthenticationSession to call webauthn JSAPI. This issue has occurred on both 15.4 and 15.1.1 systems.

After iOS 17.4, Passkey Autofill stopped working inside ASWebAuthenticationSession. iOS 17.5 re-enabled users to pick passkeys if they tap 🔑 icon on right bottom of keyboard and opened Safari password manager. However, it still doesn't recommend passkeys on the first view. Even on the latest iOS 18.0 developer beta, the behaviour is not fixed yet.

Hi,I am developing an extension. Our goal is everytime safari is opened, the extension will try to read all the cookies. So we do NOT want to read session cookie, but the cookies in cache I googled, it seems that safari does not have an api for this, but we can make it work by the following:1. when the webpage is loaded, send document.cookie to background2. in the background, use javascript localStorage or some other database to store the cookieIs my understanding correct? After all, it is still complex to implement, it sounds like we have to develop a cookie manager and maintain it.Is there any other workaround or better way?Thank you very much

According to rfc-6265, The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. but in iOS, I can save cookies even the Domain attribute is different to server. Below is my code for cookie in HTTPCookieStorage.shared.cookies ?? [] { HTTPCookieStorage.shared.deleteCookie(cookie) } let urlString = http://aa.bbb.net/bb/cc let cookie = HTTPCookie.cookies(withResponseHeaderFields: [Set-Cookie: key1=value1;Domain=baidu.com], for: URL(string: urlString)!) HTTPCookieStorage.shared.setCookie(cookie.first!) for cookie in HTTPCookieStorage.shared.cookies ?? [] { print(cookie) } let getCookie = HTTPCookieStorage.shared.cookies(for: URL(string: http://www.baidu.com/bb/cc)!) print(getCookie) In the above code, I can successfully get my cookie “key1=value1”，this should be wrong？What confuses me is how do I fix this？

When I want to get a specified cookie item which response by the server with WKWebview , I have met some trouble. The Charles tool can view the cookie item in response,When I debug the app the Safari developer storage also can view the cookie item,But I can not use iOS function to get it. Here is some test. WKHTTPCookieStore *cookieStore = self.webView.configuration.websiteDataStore.httpCookieStore; [cookieStore getAllCookies:^(NSArray * Nonnull cookies) { for (NSHTTPCookie *cookie in cookies) { NSLog(@CookieStore cookie name is %@,cookie.name); } }]; [[NSHTTPCookieStorage sharedHTTPCookieStorage].cookies enumerateObjectsUsingBlock:^(NSHTTPCookie * Nonnull obj, NSUInteger idx, BOOL * Nonnull stop) { NSLog(@NSHTTPCookieStorage cookie name is %@,obj.name); }]; [self.webView evaluateJavaScript:@document.cookie; completionHandler:^(id Nullable ret, NSError * _Nullable error) { NSLog(@documents cookies is %@ error is %@,ret,e

I know that ASWebAuthenticationSession usually is used with OAuth and similar protocols, but now I' interested, does ASWebAuthenticationSession supports other auth types? I've made such tests (iOS 14.5, Xcode 12.5.1): Tested ASWebAuthenticationSession with kerberos/negotiate URL (with callback scheme http) - SFSafariViewController loads error page with 401 error and no alert for creds; completion handler of ASWebAuthenticationSession is not called; Tested ASWebAuthenticationSession with NTLM, Digest and Basic URLs (with callback scheme http) - SFSafariViewController shows alert for creds; with correct creds content is shown; completion handler of ASWebAuthenticationSession also is not called; Performed the same test with SFSafariViewController - same results. Do I understand correctly, that ASWebAuthenticationSession doesn't support such auth types, but SFSafariViewController supports them? Why SFSafariViewController doesn't show alert for creds i

We have some third-party SDKs do not support arm64 simulator, so we excluded arm64 for Any iOS Simulator SDK in Excluded Architectures. But in this case, ASWebAuthenticationSession will display abnormally. We submitted FB14853757 during the beta period, but have not received any response. This issue still exists in the official version. I hope it can be resolved. Thank you!

Hi, From MDN - https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/getAll doc, the httpOnly cookie can't be obtained by browser.cookies API for Safari WebExtension. I would like to ask is there any plan to support getting httpOnly cookie in the future? Besides, for the previous App Extension architecture, is there any way to obtain httpOnly cookie in swift code? Thank you very much

We have changed from UIWebView we used to WKWebview. Changing WebView from UIWebView to WKWebView prevents login. Regenerate the PHPSESSID on the server in the login processing of the Web application and reconfigure it as a cookie. Because ios side can not confirm the update, I think that there is a problem with cookie synchronization processing. How do I synchronize cookies in WK WebView? ◆Configuration 【ios】 ios version: iOS9 Xcode:8.3.3 Swift3 【Server】 WebServer:CentOS　framework:cakePHP 2.9.9(Using authComponent) ◆Reference processing https://qiita.com/yonell/items/bbd45c64a0068f7dc9c3 ◆Steps to Reproduce 1.Login authentication with WebAPI ⇒PHPSESSID is returned from the server Set PHPSESSID to HTTPCookieStorage.shared.cookies 2.Generate WebView with WKWebview ⇒PHPSESSID returned from the server is set to WKWebView's configuretion using WKUserScript 3.application login processing 　⇒Loading PHPSESSID obtained from server with MutableURLRequest. ※At this time, the server regenerate