Search results | Apple Developer Forums

Reply to How to get Password AutoFill to work with ASWebAuthenticationSession?

Matt, In an ASWebAuthenticationSession, using the default browser, we do not get the prompt to save/store passwords in keychain. Ironically, we DO get the autofill from keychain on subsequent visits IF we have the password stored from a regualr web session in Safari. What are we missing in terms of Saving credentials via the prompt in an ASWebAuthenticationSession?

App & System Services Core OS

Mar ’23

Reply to Using WKWebView and a yubikey?

Passkeys and security keys are supported in WKWebView, if the RPID is for an Associated Domain using the webcredentials association. In this case that means only Google-owned apps will be able to authenticate to a Google URL. If you need a web view to authenticate to a domain you don't own, you should use ASWebAuthenticationSession.

Safari & Web General

Mar ’23

Can we disable ITP in a Safari web extension new tab page?

Can we disable ITP for Safari web extension pages (including the new tab page)? Extension pages are trusted views as the user has installed the extension and granted permissions. ITP adding storage and cookie isolation here affects functionality for any embedded frames in extension pages. StorageAccess API i also not useful here since the GUID of the parent extension page will change every time the browser launches, nullifying the granted access.

Safari & Web General Safari Safari Extensions

1

0

1.1k

Mar ’23

ASWebAuthenticationSession opening wrong browser

We're using ASWebAuthenticationSession to kickstart the auth flow in our Mac app. Most of the time when we start the auth session, Chrome is launched and authentication flow proceeds as expected (because Chrome is the default browser). On the same machine with same configuration, some times Safari is launched. What might be wrong ?

App & System Services Core OS Authentication Services

1

0

919

Mar ’23

Reply to Expired Cookie Returned in document.cookie

Hi, Facing the same here. It is a big problem for any applications with SSO relying on cookies. Did you find a solution? document.cookie still returns old deleted cookies leading to many unexpected behavior. Chrome and firefox works perfectly fine. Thank you

Safari & Web General

Mar ’23

Reply to Safari: Cookies stored under Storage > Cookies do not match the ones listed on document.cookie

I am facing exactly the same issue. document.cookie does not contain the same as what is displayed in the Storage > Cookies tab. The deleted cookie from application A a.mydomain.com (set on parent domain: mydomain.com) on logout is not visible from the panel of the application B tab. This is the expected behavior. But the cookie is still in document.cookie in application B leading to many side effects, even after refreshing the page. It is like as if document.cookie is not refreshed properly. On the opposite, chrome and firefox are working as expected. Did you find a solution? I guess this is a major bug on safari.

Safari & Web General

Mar ’23

Support of Service workers

Hello, I need to have services workers in a webview in my app for offline purpose. Is there a way to have support for service workers without having to declare WKAppBoundDomains? WKAppBoundDomains does not suit me because I have too many domains to declare for it to work. Even if i register base domains of my app, there are many partners urls to open in my app. But I can't open them in webview with WKAppBoundDomains, and can't open in SFSafariViewControllers cause it needs cookies from my app for auto connect purpose. Thank you in advance for your help.

App & System Services Core OS iOS WebKit

0

902

Mar ’23

Reply to developer.apple.com is down

I'm also getting this on Firefox and Chrome, but unsurprising it works fine on Safari... Just Apple doing Apple things. But anyways, go into your browsers Inspector, click on storage, and delete all cookies associated with https://developer.apple.com/ That worked for me.

Developer Tools & Services Xcode

Mar ’23

Reply to Hidden ASWebAuthenticationSession and Review Guidelines

How can you able to hide ASWebAuthenticationSession's web browser from UI?

App & System Services Core OS

Mar ’23

Reply to Is "associated domain" is a must for AuthenticationServices?

The ASAuthorization family of APIs is for signing in to services that you own. They work by releasing user credentials or other authentication information directly to your app, so they shouldn't be used for credentials that aren't yours. Signing in to other services, such as google.com, generally uses something like an OAuth flow. ASWebAuthenticationSession is an API from AuthenticationServices that makes doing OAuth really easy.

App & System Services Core OS

Mar ’23

Reply to ASWebAuthenticationSession crashes Chrome on MacOS

Hi, Thanks for responding. I stated above that I'm using https as the callback scheme and that I'm using Universal Links instead of a custom scheme. But, I forgot to mention the following sanity checks: I've confirmed that: universal links are correctly configured and working as expected the scheme passed to ASWebAuthenticationSession doesn't contain any special characters and matches authURL’s scheme (https) my system, including Chrome, is up to date I’ve tried: clearing all cache and cookies on Chrome disabling all extensions on Chrome an alternate https-based redirect If you tell me which logs would be helpful, I can send them to you. Is there some way to send them without attaching them here? Also, you said: Safari will ignore http/https, but other browsers might get confused. I'm guessing you meant to say Safari will not ignore http/https. If so, does this mean implementing OAuth using ASWebAuthenticationSession with an https redirect scheme and Universal Links only works with

Programming Languages Swift

Feb ’23

Getting stuck while authenticating using ASWeb and certificate

Hi All, I am getting stuck while authenticating using ASWebAuthenticationSession. When I am authenticating using a certificate(provided through the MDM profile) the ASWebAuthenticationSession window is stuck with the following image shown in the window. It seems that the ASWeb is not redirecting to customSchemeURL so that we can pick up the authorization code from there. Strangely enough, when we cancel the flow and again retrigger the authentication everything works fine. This scenario happens only once for a fresh installation. Any idea how to resolve the issue?

App & System Services Core OS Authentication Services

2

0

875

Feb ’23

ASWebAuthenticationSession crashes Chrome on MacOS

Dev environment: MacbookPro, Ventura 13.0.1 XCode 14.1 I’m implementing a feature for an existing MacOS application, which will allow users to launch zoom meetings from the application, and am trying to use ASWebAuthenticationSession to implement OAuth2. I’ve confirmed that universal links are correctly configured and working for the app (which is using an https-based redirect URI). In my app delegate, I’ve implemented the following for universal links: - (BOOL)application:(NSApplication *)application continueUserActivity:(NSUserActivity *)userActivity restorationHandler:(void (^)(NSArray> *restorableObjects))restorationHandler { if ([userActivity.activityType isEqualToString: NSUserActivityTypeBrowsingWeb]) { NSURL *url = userActivity.webpageURL; if ([url.path containsString:[NSString stringWithStdString:Zoom::kFragment]]) { std::string urlStr((url.absoluteString).stdString); //DBG DialogFactory::GetInstance()->Message(Universal links handler - AppDelegate: Handling response: + urlStr); //DBG

Programming Languages Swift macOS Swift Objective-C Authentication Services

2

0

1.2k

Feb ’23

Reply to Unable to implement OAuth2 using ASWebAuthenticationSession

Update: For reasons I don't understand, if I encode the auth request url like this: NSString* urlEncStr = [nsUrlStr stringByAddingPercentEncodingWithAllowedCharacters:NSCharacterSet.URLHostAllowedCharacterSet]; before handing it to ASWebAuthenticationSession, chrome doesn't crash. But it doesn't bring up the login page either (see attached screenshot). I've tried other character sets but no success. Here's my code: import AppKit import AuthenticationServices @objc extension FMViewController : ASWebAuthenticationPresentationContextProviding { @objc public func userLogin(){ guard let oauthMgr : FMZoomOAuthMgr = self.oauthDelegate else { return } /* getAuthURL() returns (for example): 'https://zoom.us/oauth/authorize?response_type=code&client_id=XXXXXX&redirect_uri=https://rev5.XXXXXXX.com/fdv13/zoom&code_challenge_method=S256&code_challenge=l4mqprM9XscfUNQL-s1P0O7gNc6fxDM5dnM2THuaKqc' */ guard let authURL = oauthMgr.getAuthURL() else {return} /* getScheme() returns 'https' */ guard let

App & System Services Core OS

Feb ’23

Reply to Unable to implement OAuth2 using ASWebAuthenticationSession

Hi, Thanks for the response. I've confirmed that both the scheme passed to ASWebAuthenticationSession and the redirect URL scheme are both https. Also that the scheme being passed in doesn't contain any special characters. To be clear, when Safari is the default browser, I'm able to successfully obtain an auth code. But this auth code is obtained by my app delegate (in application:continueUserActivity:restorationHandler: ) instead of the session handler passed to ASWebAuthenticationSession. When safari isn't the default browser, the browser (chrome or firefox) crashes before presenting the login page. Thanks.

App & System Services Core OS

Feb ’23

ASWebAuthenticationSession cookie

Post

Replies

Boosts

Views

Activity