ASWebAuthenticationSession cookie

Hello, we built an ios app using the capacitor framework (app rendered in webview) and recently implemented a cookie based authentication mechanism. What we have no reliable information about is for how long these first-party cookies are stored and if/when they are cleared by some Apple policy. There is a lot of conflicting information out there and I want to reach out here to get some definitive information about this topic. For how long are first-party cookies persisted using ios webview via capacitor. Is there any way to influence that behaviour? Thank you very much. Best Regards Marcus

When I open a URL in a tab in a Profile, I see that cookies are applied accordingly. When I do a fetch request with {credentials:include} in the extension background page in a Profile, the cookies are not sent in the request. This, however, works when doing it in the normal Personal Profile.

We have some third-party SDKs do not support arm64 simulator, so we excluded arm64 for Any iOS Simulator SDK in Excluded Architectures. But in this case, ASWebAuthenticationSession will display abnormally. We submitted FB14853757 during the beta period, but have not received any response. This issue still exists in the official version. I hope it can be resolved. Thank you!

It seems Safari 18's fetch() does not include credentials even credentials: include and safari extension has host_permissions for that domain. Is there anyone has this problem? I try to request in popup.js like this: const response = await fetch( url, { method: 'GET', mode: 'cors', credentials: 'include', referrerPolicy: 'no-referrer', } ); and it does not include the cookie from host_permissions. Those code worked in Safari 17 (macOS Sonoma).

Hello, everyone! I'm using CloudKit JS with a React SPA to allow users from a mobile app to access their data in a web browser. Currently, the project is still under development so there are no public users beside my team. The way I've integrated CK JS in my app is via their CDN, importing the required url in my index.html file. However, I'm having issues with the Authentication using Apple Sign In. While the Sign In and Sign Out buttons work correctly for me and my teammates, the session is not persisted for everyone. Actually, I'm the only one from me team that does not have to log in every day. I have the following configuration function: export const configureCloudKit = () => { window.CloudKit.configure({ locale: 'en-us', containers: [ { containerIdentifier: CONTAINER_ID, apiTokenAuth: { apiToken: API_TOKEN, persist: true, signInButton: { id: 'apple-sign-in-button', theme: 'black', }, signOutButton: { id: 'apple-sign-out-button', theme: 'black', }, }, environment: 'development', }, ], }); }; As you

I'm working on Authenticating a User Through a Web Service and using https callback. When running the project on real device all works as expected, but when I run the same project with the same config on simulator I get this error: Login failed: Error Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=1 Application with identifier bundle_id is not associated with domain my_domain. Using HTTPS callbacks requires Associated Domains using the webcredentials service type for my_domain. UserInfo={NSLocalizedFailureReason=Application with identifier bundle_id is not associated with domain my_domain. Using HTTPS callbacks requires Associated Domains using the webcredentials service type for my_domain.} Xcode 15.4 iOS 17.5 @available(iOS 17.4, *) public init(url URL: URL, callback: ASWebAuthenticationSession.Callback, completionHandler: @escaping ASWebAuthenticationSession.CompletionHandler)

Our app includes showing external web service with WebView or Safari and returning to the app with custom URL scheme or universal link. When we set Hide and Require Face ID feature which was available on iOS 18, neither custom URL scheme nor universal link activated the app. If we only set Require Face ID, the deep link worked properly. Here is what we've tried: Define custom URL scheme or universal link in the app https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app https://developer.apple.com/documentation/xcode/supporting-universal-links-in-your-app Implement external web service with one of the following frameworks ASWebAuthenticationSession https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/ SFSafariViewController https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller Safari WKWebView https://developer.apple.com/documentation/webkit/wkwebview On iOS 18 device, install the app and set H

After iOS 17.4, Passkey Autofill stopped working inside ASWebAuthenticationSession. iOS 17.5 re-enabled users to pick passkeys if they tap 🔑 icon on right bottom of keyboard and opened Safari password manager. However, it still doesn't recommend passkeys on the first view. Even on the latest iOS 18.0 developer beta, the behaviour is not fixed yet.

I have a hybrid mobile app which loads web server screens in its iframe(which is under the WKWebView); an https request is initiated from the mobile app to the web server which returns the html page to be loaded in the iframe. The calls which are initiated from outside the iframe have cookies maintained in their requests, while the ones initiated from inside the iframe(web server page) loose the cookies and do not inherit them in IOS beta 18 while It worked fine in the previous IOS versions. Anybody has infos about this or similar cases?