Search results for

ASWebAuthenticationSession cookie

1,295 results found

Post

Replies

Boosts

Views

Activity

iOS 16.4 ASWebAuthenticationSession's webview can not debug in safari web inspector
I'm using Xcode 14.2 to build an app that runs on iOS 16.4. There is no webView.isInspectable property in this version. When my app presents a webview, it is inspectable in Safari -> develop, which is nice. However, when starting a ASWebAuthenticationSession, Safari -> develop shows no inspectable applications. It was inspectable on iOS 16.1 but not iOS 16.4. How to solve this?
5
0
2.3k
Apr ’23
Reply to TestFlight Unavailable
@Shawzborne, who did you speak with @ Apple and what did they say? Has anyone else reached out? Judging by the relative lack of mentions online, doesn't seem widespread... According to the coinciding console logs, it seems it may be some sort of authentication bug: error 03:28:57.510123+0300 TestFlight AMSAbsinthe: [3822C21C] No bag provided. Defaulting to skipping Absinthe signing. error 03:28:58.114276+0300 TestFlight RP(0x282845a60) URL=https://testflight.apple.com/v1/session/authenticate; code=400; Headers={ Connection = close; Content-Length = 169; Content-Type = application/json;charset=utf-8; Date = Sat, 22 Apr 2023 00:28:58 GMT; Server = daiquiri/3.0.0; Set-Cookie = dc=mr;Version=1;Domain=.itunes.apple.com;Path=/;Max-Age=86400; Strict-Transport-Security = max-age=31536000; includeSubDomains; preload; X-Apple-Jingle-Correlation-Key = OUO35BHL6WPDECX6AWAY7S5KRE; X-Content-Security-Policy = script-src 'self' *.apple.com; X-Content-Type-Options = nosniff; X-XSS-Protection = 1; mode=block; x-daiqu
Apr ’23
Reply to Safari 16.4 seems to lose session cookies on asset requests or javascript fetches.
I'm having a very similar issue with an instance of Discourse I maintain. Multiple users report being intermittently & randomly. signed out after upgrading to Safari 16.4. Occasionally, requests to my site from Safari 16.4 fail to send a user's session token cookie, despite it being present in Safari's storage. This results in my server seeing that missing cookie and correcting the mistake by signing the user out. This does not happen on every request, but it's always the same cookie that gets dropped. The main difference b/t our cases is that my cookie is not a session cookie, it has an expire time of 365 days.
Topic: Safari & Web SubTopic: General Tags:
Apr ’23
Reply to Safari 16.4 seems to lose session cookies on asset requests or javascript fetches.
The problem only occurs with Safari on iPad/MacBook running version 16.4, 16.4.1, or 16.5 beta. The problem cannot be reproduced using Chrome on iPad. Furthermore, the problem does not occur with private browsing in Safari. We have a similar issue with Safari on iPad running version 16.4 (other versions untested) but yet be able to further debug as we have no MacBook at hand right now. But navigating will hang our page and redirect to login after refresh. So it seems to be a session cookie related regression. Deleting Safari website data resets and/or restarts the cycle. Private browsing in Safari or switching to Chrome or Edge is helping for now. I will try to get more details on the issue using a MacBook as soon as possible.
Topic: Safari & Web SubTopic: General Tags:
Apr ’23
Safari 16.4 seems to lose session cookies on asset requests or javascript fetches.
On iPads after updating to iPadOS 16.4, Safari often looses the session cookie provided by PlayFramework: When the browser requests assets (js scripts) or when additional data is fetched by JavaScript, the session cookie is not included in the request. These secondary requests will redirect through our IAM because no session cookie is present. The IAM redirects back to the original domain with a payload so that the login session can be resumed. A new Set-Cookie header is sent in the response with the new session cookie. This causes the framework to issue a new CSRF token (that is part of the session cookie) which is different from the old one that was already rendered into a hidden form input. The browser stores this new token and includes it when it POSTs the form. The token in the body of the request is now different from the one in the cookies, causing the CSRF check to fail. We have tried different devices (Android, Windows, MacBook, and iPads
20
0
14k
Apr ’23
Reply to Open URL with Browser
You should use ASWebAuthenticationSession for this. That error about : and / is to catch a common misunderstanding about schemes: the scheme part of a URL does not include the trailing ://. For example, let's say was we had myscheme://success?authToken=abc. The scheme of the URL would by myscheme, which is the value that you would pass to ASWebAuthenticationSession. You can see this yourself if you ran something like this in a playground: let url = URL(string: myscheme://success?authToken=abc)! print(url.scheme!)
Topic: App & System Services SubTopic: Core OS Tags:
Apr ’23
Open URL with Browser
Hi, Does anyone knows, if I can redirect a user to the broswer, to open authentication pages (ike Google, Facebook or other agents) instead of use the SDK and in-app browsers (like WKWebView/SFSafari)? I need to open a URL provided by backend services, but in ASWebAuthenticationSession I cant use the callbackScheme in the URL, it doesn't allow / and : symbols to close the moda. So, if I can, will my app be accepted by apple to publish on App Store? Or if I can't, how should I fix that problem? Thank you for your help.
1
0
906
Apr ’23
ASWebAuthenticationSession Save Password Dialogue
In developing OPENID / OAuth type web authentication for native apps, I am looking for confirmation that Apple iOS supports Save Password dialogue on the sign-in that occurs in the browser within the ASWebAuthenticationSession webview. Noting that both ASWebAuthentication Session and SFSafariViewController support isolated browser privacy with regards to the app, it should not (theoretically) necessitate domain trust between the App and the domain of the current AS/SF webview as it once did with wkWebViews. Can anyone confirm that Keychain's Save Password dialogue DOES fire on either/both ASWebAuthenticationSession and SFSafariViewController?
1
0
994
Apr ’23