ASWebAuthenticationSession cookie

Hi! I'm trying to implement ASWebAuthenticationSession to log in to my app via the web app backend. However, I'm a bit confused about the cookies that this has access to. When I set prefersEphemeralWebBrowserSession=false it does not seem to use the cookies from Safari. Or at least, I'm logged into my web app in Safari, but when I use ASWebAuthenticationSession I still have to log in again. Does it not share session cookies with Safari? I did notice that if I don't use an ephemeral session, once I log out and try to log back in my app does automatically log me in but that's actually unhelpful in my opinion because now I have no way to clear that session because it only lives in the ASWebAuthenticationSession context. If that's the case I may as well use the ephemeral session then because it seems to have only drawbacks.

I have an app that uses the Slack API, and I’m trying to use ASWebAuthenticationSession on watchOS 6.2 to allow for login on watchOS. I was able to display the login form and enter my username and password, then I saw this displayed:Unable to set cookie You need to enable cookies to sign in.Is this something Slack needs to account for, or is there a way for my ASWebAuthenticationSession on watchOS to enable cookies?

Hello, I'm implement some SSO features and have a question about ASWebAuthenticationSession and Safari can share cookies? In my demo, it can not share cookie, I looking for some way to do it. Thank you very much.

I'm currently trying to add an OIDC connection to an iOS application. I'm using AppAuth, which will use ASWebAuthenticationSession (because we're targeting recent versions of iOS). We have a login web page that will write a cookie. We'd like this cookie to be shared between the application (using ASWebAuthenticationSession) and the system browser (Safari) so that the user can be recognized and avoid having to log in again. The web page writes a permanent cookie (with an expiry date) and the iOS application uses ASWebAuthenticationSession. And I did not set prefersEphemeralSession to true. So we should be OK with the documentation (SFSafariViewController no longer shares cookies, and session cookies are not shared between ASWebAuthenticationSession and Safari). It should work, if I understand the documentation correctly. Did I miss a point? Or is it a known problem? I also tried to create a simple web page that read and write a cookie

We are using an ASWebAuthenticationSession to authenticate using an already logged in session in Safari. This works fine on real hardware. In Simulator from iOS13.5, the callback URL is always missing the session ID which indicates that ASWebAuthenticationSession couldn't access the cookies. We are not using session cookies. As documented here: https://developer.apple.com/documentation/authenticationservices/authenticating_a_user_through_a_web_service Does anyone have any suggestion how to debug this and figure out if the problem is on our side or iOS side?

Hi All, We are loading ASWebAuthenticationSession with a request URL which internally checks for the active session and cookies then returns the AuthCode in the Redirection URI, but sometime this is failing due to the cookie lost in between the requests. We see the cookies are present for first few requests and getting missed in between the request while redirecting to different URLs. Is anyone faced the similar issue with ASWebAuthenticationSession? This issue is observed in iOS 13 and above devices only, not in the simulator. Also, we if give 30 secs delay between Login session and AuthCode session it always works.

I'm testing ASWebAuthenticationSession with a site that has a counter increased each time the page loads and saved to localStorage to make sure ASWebAuthenticationSession share data with the site. The result was that ASWebAuthenticationSession in app and Safari don't share localStorage, even the app presents a pop-up to allow sharing data between the app and localhost (the site is localhost) I then test with cookie (expires in 1 day), it didn't get share, either. This is opposite to the behavior documented. Device: iPhone 11 Simulator, iOS 14.5 IDE: XCode 12.5 on macOS Big Sur - Macbook Pro M1

In iOS 17 beta 5, the alert controller that pops up when sharing cookies with Safari was different than it was in iOS 16. I'm not sure how many betas this was in, but it said: Do you want to also sign in to in Safari? This allows and in Safari to share information about you such as your account. will work without this. Cancel Sign in to & Safari Only Sign in to In the official release of iOS 17, the alert is back to having just Cancel and Continue and the text it had previously: Wants to Use to Sign In This allows the app and website to share information about you. Question is, was this a fluke in beta? Is the ability to for users to disable Safari cookies something that is coming back? Is it a setting? I can't seem to find any information about this at all. It was concerning for us in beta, because it seemed like it was going to be a potential source of login issues, but now I'm not sure what to make of it. Thank you!

Hi all; I am working with an app, which implements the authentication mechanisms based on ASWebAuthenticationSession. However, due to the demands of the app, I need to extract or interact with the cookies that may be generated. Is it possible to extract and parse cookies using this framework? If yes, what would be the most appropriate mechanism for such? Many thanks.

I'm trying to set a Cookie on ASWebAuthenticationSession on iOS 17.4+ using the new available method additionalHeaderFields. I can use this method to set any header field but Cookie. As soon as I try to set this header, I receive the following error: Cannot start ASWebAuthenticationSession: Error Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=1 One or more provided headers are invalid. UserInfo={NSLocalizedFailureReason=One or more provided headers are invalid.} The same content, but with different name (Foo) is inserted as a header in the request. So, are there any limitation about setting cookies on ASWebAuthenticationSession? I've found any information abut this

An iOS application of ours we develop for a client was recently rejected as it was claimed we violate Guideline 5.1.2. The App Review team's justification was: We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track. The App Review team included a screenshot of our client's website which they had navigated to via a button found in our client's SSO login flow. Their main website has a cookie policy which seems to be the cause of the rejection. Clearly our client's main website should not be accessible via their SSO login flow but this opens a wider question and concerns from our client. We open the SSO login flow within an ephemeral ASWebAuthenticationSession. The documentation of which states: Set prefersEphemeralWebBrowserSession to true to request that the browser doesn’t share cookies or other