ASWebAuthenticationSession cookie

I am encountering a technical issue while attempting to register an email address for Sign in with Apple within the Certificates, Identifiers & Profiles section. I'm hoping to receive some guidance or assistance on this matter. Specifically, I am facing difficulties in the Configure Sign in with Apple for Email Communication step within the Certificates, Identifiers & Profiles section. After entering my email address in the provided pop-up, I am unable to proceed to the next step. Despite clicking the next button, no response or progress is observed. To provide some context and troubleshooting details: I have ensured that the email address I'm attempting to register is valid and has not been previously associated with Sign in with Apple or any other Apple services. I have attempted this registration process using multiple web browsers and devices, but the issue persists. In an effort to resolve any potential conflicts caused by stored data, I have cleared cache and cookies. I have followed th

On June 7, 2023, I put the paid app in the AppStore, filled out all the agreements, tax and banking information. The only thing that is still not filled out is the tax information for Australia, when I want to fill it out - they ask me if I am an Australian taxpayer and if I have an Australian taxpayer ID, when I check that no, they tell me that in this case you do not need to fill out anything, and this form remains unfilled. I tried many things, cleared cookies, logged in through another clean browser, wrote three letters to support in four days, in response to me - silence. Even if I just have to wait, I want to know for sure, rather than guess at the possible causes as a consequence of the silence of support.

Hi, I am using ShazamKit to detect songs from a live stream. I am using matchStreamingBuffer with a PCMBuffer. It looks like it works for the most part, but sometimes it throws an NSException. Here's the code calling the match: engine.mainMixerNode.installTap(onBus: 0, bufferSize: 4096, format: options.audioFormat) { buffer, time in do { self.session.matchStreamingBuffer(buffer, at: time) } catch { } } The exception: Supplied audio format is not supported { mediaType:'soun' mediaSubType:'lpcm' mediaSpecific: { ASBD: { mSampleRate: 44100.000000 mFormatID: 'lpcm' mFormatFlags: 0x29 mBytesPerPacket: 4 mFramesPerPacket: 1 mBytesPerFrame: 4 mChannelsPerFrame: 2 mBitsPerChannel: 32 } cookie: {(null)} ACL: {Stereo (L R)} FormatList Array: { Index: 0 ChannelLayoutTag: 0x650002 ASBD: { mSampleRate: 44100.000000 mFormatID: 'lpcm' mFormatFlags: 0x29 mBytesPerPacket: 4 mFramesPerPacket: 1 mBytesPerFrame: 4 mChannelsPerFrame: 2 mBitsPerChannel: 32 }} } extensions: {(null)} } This is the stack stack: 0 CoreFounda

I’m having a very odd problem in which my URLSession response works the first time, but almost always fails on subsequent calls. It’s taken me forever to debug because I needed to examine the response headers to determine anything at all. I used Proxyman based on a recommendation from Donny Wals -- https://www.donnywals.com/debugging-network-traffic-with-proxyman/ -- and — as far as I can tell — the only differences between the calls is that the first call returns: HTTP/1.1 200 OK Date: Tue, 06 Jun 2023 14:06:08 GMT Server: Apache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control Vary: Accept-Encoding,User-Agent Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Encoding: gzip Set-Cookie: PHPSESSID=d10701af2da595b698c57f183e76a709; path=/ Upgrade: h2 Connection: Upgrade,

I am simply trying to visualize m3u8 files from my Amazon S3 server while they are playing on my AVPlayer. The basic context of my AVPlayer is that I first create AVURLAsset and attach the cookies required to access it and then subsequently create the AVPlayerItem. I then setup the AVPlayer, play it, and then setup an observer so that I can handle some logic when the audio file is done playing. I just want to be able to get the power data of the streamed file in real time or close to real time. I looked into audioTapProcessor but it does not appear to work with streamed files. I then looked into AVAudioEngine but that also does not work well with streams. Is there any solution to this?

We need to append some values in the User-Agent HTTP header for our SSO flows. We use the ASWebAuthenticationSession class as you should, but I can't find any information on how to modify the headers in this web view. I have tried setting the global user agent via UserDefaults.standard.register(defaults: [UserAgent: fakeUserAgent]) While it does change the User-Agent in WKWebView, it seemingly does not impact the ASWebAuthenticationSession. There are also no configuration settings to change headers or User-Agent on ASWebAuthenticationSession. Is it not possible by security design?

Is it possible to display an ASWebAuthenticationSession or a WKWebView in the context of an auth plugin? I'm currently able to display a custom UI in a window whose canBecomeVisibleWithoutLogin is set to true as part of my unprivileged mechanism. I tried using ASWebAuthenticationSession and making my window the presentationContextProvider for the session but it doesn't work. I also tried displaying a webview but it doesn't render. I checked the nav delegate calls and the navigation is failing with the request timing out. Is there any config or trick to make either of them work? Oh also, URLSession data task calls are also failing with request timing out from my mechanism. I'm guessing there's some restriction related to networking in general?

Hi, we are using the EXTSINGLESIGNONKERBEROS from Ivanti (MobileIron) MDM server in order to get the Kerberos authentication against our SharePoint and OneDrive system running. This worked perfectly fine with the iOS system while we are retrieving the password popup from the iOS SSO Extension. For all the calls we made against our server the system just used the Kerberos ticket for the connection. Now we faced an issue with the WKWebView. We are opening images in the WKWebView but this happens completely without any connection inside the WKWebView. We loading the data of the image upfront and open the WKWebView with a local path from the iPhone / iPad. Somehow after the WKWebView loaded the content our connection does not use our Kerberos ticket anymore. All our calls fail with 401 (because we are not adding any user information to our request - the system Extension is doing it automatically). Just after a restart of the app the Kerberos ticket is added to our request again. Does anyone know why this happens?

Hello everyone, I am working on an iOS app that can be launched from a third party app using a URL scheme. I have implemented this feature and I am able to receive the URL in the openURL method of my app delegate. However, I am facing an issue where the source app identifier is missing in the URL. I would like to know if there is any way to receive the source app identifier along with the URL when launching my app from a third party app. Additionally, I am trying to share session DSID cookies from the third party app to my iOS app. This works fine for Safari, but I am unable to receive the DSID cookies when launching my app from a third party app on iOS 13 and above. I would like to know if there have been any security changes related to DSID cookies in iOS 13 or later that might be affecting my app's ability to receive the cookies. Specifically, are there any changes that impact third-party apps and their ability to share DSID cookies with other apps? I would appr

I have a content blocker working fine, but have noticed some websites are putting a class in the main body tag, and removing it when the user taps to accept/decline cookies. For example: ... ... My content blocker can remove the cookieNotice div completely using: div[id=cookieNotice], but the page doesn't scroll because the body tag includes modal-open no-overflow. Can a content blocker remove values/classes from a tag? If so, what would the XPath look like? Thanks.

Hi, Currently, we do have native signin and home grown biometric solution leveraging Device biometrics within App and We have plans to adopt OAuth2.0 and OIDC using ASWebauthenticationsession. But we primarily wanted to know Perspectives from Apple with regards to UI/UX / Standards / Security while adopting OAuth2.0 and OIDC. Please note that we dont have Apple SignIn or any other social login within App currently.