ASWebAuthenticationSession cookie

My safari plugin login verification is based on cookies. I found that as long as the plugin is used for a period of time, refreshing the page and making another request will result in the loss of cookies. I want to know if there are any other ways besides changing the login verification method to bypass cookies?

It seems that all macOS apps currently going through App Review which use ASWebAuthenticationSession (or SwiftUI webAuthenticationSession) are being rejected, because: Reason given: Guideline 4.0 - Design The user is taken to the default web browser to sign in or register for an account, which provides a poor user experience. See here for more details: https://forums.developer.apple.com/forums/thread/750400 If webAuthenticationSession is no longer permitted for production apps, what is the current recommended approach for implementing OAuth 2 authentication?

Hi! I've got a problem with Safari (17.4.1) in Mac OS Sonoma (14.4.1). Safari logs me out in every website I log in: Google websites, Twitter, also all my Wordpress sites... It logs me out after a few minutes. I try to clean safari, empty caches, cookies. I've got private relay disabled and in privacy settings I've goy all settings unchecked...

When using an ASWebAuthenticationSession to log in, with prefersEphemeralSession = false to enable SSO, the system presents an alert asking if the user wants to allow SomeApp to Sign In with someauthprovider.xyz. The system presents exactly the same alert when you want to log out, and it is confusing for users. It's my understanding that the system does this because the alert really means would you like to allow this app to let some page access Safari's shared cookie vault? in lay terms, and is not distinguishing between create, read, update, or delete. It would be splendid if Apple changes this dialog depending on the operation. I would also like to know if there is any other way to fix this.

New versions of AppKit/Mac Catalyst apps that use Google's Sign In framework are being rejected by App Store Review for the past two weeks. Reason shared was: The user is taken to the default web browser to sign in or register for an account, which provides a poor user experience. And also citing: Data Collection & Storage guidelines -> https://developer.apple.com/app-store/review/guidelines/#data-collection-and-storage Opening macOS' default web browser has been a native behavior of Mac apps when using SFSafariViewController with ASWebAuthenticationSession, which is required, since iOS 13, for securely/privately logging in users. As far as I could investigate, there hasn't been any updates to the guidelines that would indicate any required changes to developers in regards to how login works for macOS apps. Are there any steps developers need to take to get updates approved while still providing users with Google's Sign in? As reference, there is an on-going discussion on GoogleSignIn repo abo

Hello, My app uses OAuth to connect to two services. To get the authorization ocde, originally, they both allowed a URI in the form of com.SmartVentsTwo://auth. Now, the second one changed and requires that the URI be a complete URL starting with HTTPS. Needless to say the second stopped working. I read several different articles and posts about this difference telling me a range of things to do from simply adding https://com.SSmarVentsTwo://auth to the URL types in the project settings, to creating a redirect from my website. It would seem the most secure would be the former since it doesn't require extra jumps, but it didn't work. When I tried it, after logging in and authorizing the request, i got a could not find server error. What are the exact steps I need to follow to accommodate the change? (Thank you very much!!)

I'm finding a way to hook vnode operations, following is a snippet of the code: IOReturn FltIOKitKAuthVnodeGate::RegisterVnodeScopeCallback(void) { // // register our listener // this->VnodeListener = kauth_listen_scope( KAUTH_SCOPE_VNODE, // for the vnode scope FltIOKitKAuthVnodeGate::VnodeAuthorizeCallback, // using this callback this ); // give a cookie to callback if( NULL == this->VnodeListener ){ DBG_PRINT_ERROR( ( kauth_listen_scope failedn ) ); return kIOReturnInternalError; } return kIOReturnSuccess; } Here use kauth_listen_scope to get the newly created vnode object, then will hook on it. But now kauth_listen_scope is deprecated, and there is no way to get the vnode by using EndpointSecurity. So is there any other way to get the newly created vnode object?