Search results for "ASWebAuthenticationSession cookie"

1,295 results found

Post

Replies

Boosts

Views

Activity

NWConnection WebSocket Protocol hangs on preparing for iOS 13 only
I have a critical issue where my websocket will not connect to a server that is sitting behind an NGINX reverse proxy only on iOS 13. I have tested on both a real device and simulator with no success. It simply hangs on preparing. It never receives updates to the viabilityUpdateHandler and only ever enters the preparing state of the stateUpdateHandler. On any iOS greater or equal to iOS 14 it works seamlessly. I can connect to a local server that is not dealing with any certificates on iOS 13 no problem, but when my production server is in play it does not communicate something properly. I am using NWConnection's NWProtocolWebSocket. The setup is basic and straightforward: let options = NWProtocolWebSocket.Options() options.autoReplyPing = configuration.autoReplyPing options.maximumMessageSize = configuration.maximumMessageSize if configuration.urlRequest != nil { options.setAdditionalHeaders(configuration.urlRequest?.allHTTPHeaderFields?.map { ($0.key, $0.value) } ?? []) _ = configuration.cookies.map { cookie
3
0
888
Aug ’23
Reply to macOS FIDO2/Webauthn support for web authentication
I also noticed that the custom URL scheme and ASWebAuthenticationSession combo doesn't have this Open button issue, but was worried that this is some kind of omission/bug and it may get fixed later. After your explanation it looks like expected behavior and this helps a lot. Essentially, the purpose of applinks is direct app/browser integration, and they are not meant to work with the ASWebAuthenticationSession API. Thank you!
Topic: App & System Services SubTopic: Core OS Tags:
Jul ’23
Reply to macOS FIDO2/Webauthn support for web authentication
Yes, WKWebView supports WebAuthn as long as your app is using Associated Domains (specifically the webcredentials association) with the RPID that you're using. If you need to authenticate to third party services, ASWebAuthenticationSession is the correct solution. For the Open button behavior you're describing, it sounds like you may be either using a Universal Link for your callback rather than a custom URL scheme or your custom URL scheme isn't matching. Using a custom URL scheme is the preferred callback method for ASWebAuthenticationSession and will provide the best user experience (e.g. no Open button). For other platforms, custom URL schemes are generally discouraged because other apps may try to claim the same URL scheme and intercept the response. However, ASWebAuthenticationSession was specifically built to solve that problem and guarantees only the calling app will receive the response (documented here).
Topic: App & System Services SubTopic: Core OS Tags:
Jul ’23
macOS FIDO2/Webauthn support for web authentication
Hello. Does WKWebView on Mac support FIDO2 (WebAuthn)? We need to implement this in our app, and the ASWebAuthenticationSession API comes up in searches all the time as the only solution. Is this still the case? From my experiments, ASWebAuthenticationSession on Mac doesn't provide the best user experience: too much fiddling and odd behavior for an end user. For example, the user needs to click the Open button in the browser window to pass the token to the very same app which initiated the window, and this is not very logical considering all the effort to set up applinks. Would appreciate any advice.
2
0
3.1k
Jul ’23
Reply to Safari 16.4 seems to lose session cookies on asset requests or javascript fetches.
Since this problem still exists in the latest Safari version (16.5.2) and we're having problems with this as well, I've added some details of our cookie problem when loading (rendered JavaScript) assets on https://bugs.webkit.org/show_bug.cgi?id=255524 It seems that any value in the SameSite attribute of the cookies causes this to happen. We could see that just 4 of the 7 cookies were kept during all requests and the other three get lost from time to time. Hoping for an official fix soon.
Topic: Safari & Web SubTopic: General Tags:
Jul ’23
Reply to Expired Cookie Returned in document.cookie
Even if your API call is clearing cookies (Set-Cookie), you still need to clear cookies manually as well in your browser for Safari. Either you can use the following code:
    document.cookie = "YOUR_COOKIE_NAME=;expires=Thu, 01-Jan-1970 00:00:01 GMT;domain=" + document.location.host;
or you can use js-cookie to manage cookies by adding the function below:
    import Cookies from 'js-cookie';
    export function removeFromCookies(keys = []) {
      keys.forEach(key =>
        // For Safari we need to pass the domain name to remove the cookie
        Cookies.remove(key, {
          domain: window.location.host,
          expires: 'Thu, 01-Jan-1970 00:00:01 GMT',
        }),
      );
    }
Thank you
Topic: Safari & Web SubTopic: General Tags:
Jul ’23
Cookies in SFSafariviewcontroller
I am using the AppAuth pods for authentication (https://github.com/openid/AppAuth-iOS) and was wondering how Safari WebKit is managing the application context for the cookies saved during authentication. I made sure I have a successful authentication, then I tried a few combinations to understand failed authentication behavior and tried to compare with my Mac Safari developer tools. What caught me off guard was that the Safari WebKit cookies were not visible to me programmatically. I am using the code below to get the cookies:
    HTTPCookieStorage.shared.cookies(for: URL(string: "https://\(targetDomain)")!)
I also tried using the developer console for mobile Safari, but as soon as the authentication flow completes the view is destroyed and the information gets lost. So has anyone come across this situation and figured out how Safari WebKit isolates the cookies' visibility?
0
0
1.4k
Jul ’23
Reply to Passkey registration and authentication on iPhone using native application
I could interpret this question in two different ways. I'm not sure which was intended, so I'll try to answer both. The app is expecting user B to sign in (e.g. B was the last account used on the device, but its cookies expired and needs to sign back in). The system passkey sheet comes up and I (the user) see passkeys for both A and B. I select A's passkey. Now, because the app was expecting user B to sign in, and I provided some valid assertion, I'm signed in as user B even though I used A's passkey. If this is happening, it's a security error on the server side. The server should check the credentialID of the returned assertion and verify that it matches the user expected to be signed in, or (ideally) should just sign in the user that the credential ID belongs to (i.e. in this case, I should have been signed in to A's account even though the app expected me to sign in to B). The app is trying to perform an authorization for something specific to user B (e.g. a step-up re-auth protecting an importan
Topic: App & System Services SubTopic: Core OS Tags:
Jul ’23
iOS 16 Webview Set Cookie Or Response Error
Hello, I am developing a firewall against HTTP attacks at Layer7 layer. And no system (linux/windows/android/bsd/iOS version < 16) works flawlessly, except for iOS 16 version. iOS 16 device screen record (error): veed . io/view/ab86584b-c054-4b70-8c73-6ae9782fabad) Old iOS version test (no error): I am using a golang HTTP service in addition to nginx in the opened url. And when I try to access this golang code directly (iOS 16) I get 503 error from a device. And all this HTTP service does is to set a cookie on the client after getting the useragent and ip information. Code: What new feature in iOS 16 prevents my service from running? And how can I fix this? Note: In iOS 16, the situation is the same in all browsers, not just Safari, I tried it on Chrome. However, there is no problem when I try it on 15 and lower versions, which is a lower version. Thanks for your help in advance.
1
0
919
Jul ’23
Reply to Getting not entitled error with WaterSubmersionManager
Could anyone please share some simple instructions on just getting measurement updates? I didn't develop for a long time and am getting back to it. Went through various courses quickly to catch up on what I have missed, but I simply can't get CMWaterSubmersion manager even to build. I am following documentation, but making cookie mistakes and getting error after error, not even being sure how many mistakes I did already. I am creating a separate class and trying to start monitoring data. Registered for motion data, edited plist etc. But then getting missing initializer or non-conformance to CMWaterSubmersionManagerDelegate etc etc. Can find any simple code example anywhere on the internet.
Topic: App & System Services SubTopic: Core OS Tags:
Jul ’23
iOS - NSCrossWebsiteTrackingUsageDescription(Allow Cross-Website Tracking) - Option is not working on WKWebView
Our app uses a WKWebView to display our (web-page) product; this page uses a third-party iframe. Since third-party cookies are no longer supported, this breaks our app. On the (mobile or desktop) web we can instruct our users to disable blocking third-party cookies (until we find a different solution), but in our hybrid app we cannot. Following the instructions from this document, we've added a key into our info.plist file - NSCrossWebsiteTrackingUsageDescription. This indeed adds an option in the app settings page called Allow Cross-Website Tracking, but even with this turned ON, the iframe still cannot access cookies. We also tried to configure App-Bound Domains that include the third-party iframe, but it still didn't work. Did anyone succeed in configuring a WKWebView to support third-party cookies? Thanks!
0
0
903
Jul ’23
Reply to Creating Passkeys on SDKs
There is no way to draw a security boundary between different regions of code in the same process. Either the entire process has access to the credentials or nothing in the process does 🙂. If you want to allow a link account (aka federated sign-in) feature, you likely want to use OAuth with a web-based sign-in flow. Once your server supports that, it can be easily integrated into your SDK with ASWebAuthenticationSession.
Topic: App & System Services SubTopic: Core OS Tags:
Jun ’23