We use ASWebAuthenticationSession to authenticate users in our app, and we so far relied on an associated domain (universal link) for the last redirection step (callback), instead of a custom scheme, for security reasons. It works fine on iOS <= 15.4.1 (current release at time of writing), but we noticed that the associated domain is no longer detected during the callback on iOS 15.5 (beta 4). As a result, the user ends up on our web app within the ASWebAuthenticationSession view, and the app authentication never finishes. Is anybody experiencing the same issue? Thanks.
Search results for
ASWebAuthenticationSession cookie
1,295 results found
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
iOS 15.5 RC is out, and the problem is still there. This is a big issue for us. Basically, it seems that ASWebAuthenticationSession and SFSafariViewController no longer detect associated domains URLs if those are triggered by a redirection.
Topic:
App & System Services
SubTopic:
Core OS
Tags:
Is there anyone I could save data to a device with Swift, like how we have cookies for browsers?
Dear Apple,The requirement of my application is that can delete cache/cookies in WKWebview. I tried somthing and it working as well in iOS 9 upwards. But there are no way to do it in iOS 8. Please let me know if there is a way to remove cache/cookies in iOS 8 or it can not remove?#Note: I want to remove cookies immediately, ie stay at WKWebview but click url to another site it will delete.Thanks,Phong Tran.
Would someone please address this issue! I also have new iPads with 15.4.1 which won't run our web app. iPads with 15.3.1 work fine, as well as Android and Windows. I don't think there is any setting we have tried in the OS. The sessionID cookies are tossed by Safari and Chrome in the new iPads, rendering our app unusable even though it's calling pages from the same domain and session. These new iPads expensive are useless to us without a resolution. We have tried everything we can find in this ASP.net configuration to make sure cookies can be shared and are secure.
Topic:
Safari & Web
SubTopic:
General
Tags:
We were running into this same issue. Our fix was to change our app so that any webpage with cookies is not opened inside our app (this includes WebView and SafariKit). Calling UIApplication's open(url: , options: ) instead. Hope this helps.
Topic:
App & System Services
SubTopic:
Core OS
Tags:
Hi guys, We also have similar problem with ASWebAuthenticationSession on 10.15. The issue occurs when Safari is selected as default browser and it is been used for a while before the session starts. When it happens login window does not show up and CompletionHandler is never called. Closing Safari process helps to overcome the issue and the session window appears immediately after the current process is closed. It seems to be something wrong between OS and Safari, which prevents it to behave normally. Any help with the issue would be highly appreciated.
Topic:
App & System Services
SubTopic:
Core OS
Tags:
Hi all; I'm trying to implement ASWebAuthenticationSession on MacOS. The application must be able to open the default browser to interact with the IdP. The implemented code is basic, since what I am trying to understand is how to configure the framework to be able to open the system browser. Based on the documentation I observe this: A browser loads and displays the page, from which the user can authenticate. In iOS, the browser is a secure, embedded web view. In macOS, the system opens the user’s default browser if it supports web authentication sessions, or Safari otherwise. That is, it implies that this would be valid only for iOS, since a view is required where the content can be anchored. With which my understanding is that for MacOS that is not necessary, since the system browser is used. However, when I try to compile the base example, Xcode throws the following message: _Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=2 Cannot start ASWebAuthenticationSession wi
An iOS application of ours we develop for a client was recently rejected as it was claimed we violate Guideline 5.1.2. The App Review team's justification was: We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track. The App Review team included a screenshot of our client's website which they had navigated to via a button found in our client's SSO login flow. Their main website has a cookie policy which seems to be the cause of the rejection. Clearly our client's main website should not be accessible via their SSO login flow but this opens a wider question and concerns from our client. We open the SSO login flow within an ephemeral ASWebAuthenticationSession. The documentation of which states: Set prefersEphemeralWebBrowserSession to true to request that the browser doesn’t share cookies or other
Topic:
App Store Distribution & Marketing
SubTopic:
General
Tags:
App Tracking Transparency
Safari Services
Authentication Services
No response received on this from Apple, instead we fixed our issue where it was possible to open the company website from within the ASWebAuthenticationSession. Honestly my anecdotal experience so far is that if someone from the App Review team sees the word Cookies then they will instantly reject the app without considering context or technology.
Topic:
App Store Distribution & Marketing
SubTopic:
General
Tags:
Hey Thomas Did you get an answer from Apple. We share a similar predicament, where there is no API on ASWebAuthentication to extract cookies from the iOS app and would not not in violation of Guideline 5.1.2.
Topic:
App Store Distribution & Marketing
SubTopic:
General
Tags:
Hi,I have some questions about how AVPlayer handles updates of a cookie's expiration time.We do something like this:1) Send a GET request to server which sets authentication cookie. This cookie has a short expiration time, CookieExpiryTime.2) Start AVPlayer. The authentication cookie is included in the AES key request.3) Every n minutes (where n is CookieExpiryTime/2), send new GET request to authentication server to get updated cookie expiration time. By logging all cookies in NSHTTPCookieStorage.sharedHTTPCookieStorage() we can see that the expiration time of the cookie is updated.The problem:When a key is requested after the expiration time of the first cookie from 1), the cookie is no longer included in the AES key request.But shouldn't the updated cookie (with extended expiration time) be considered?Question 1) Does AVPlayer filter out expired cookies when doing the AES key requests?Question 2) Does AVPlaye
It appears that, on initialization, an AVURLAsset has a copy of the cookies from HTTPCookieStorage.shared.cookies, unless otherwise specified with the options parameter. This array of HTTPCookie is merely a copy of iOS's cookie store at the time of initialization. If the OS's cookie store updates, the player/asset does not begin to use the most up-to-date cookies, instead using its original copy. How can I go about updating the player's/asset's cookie store to the current, most up-to-date, cookie store?
We are developing a website which is exchanging cross site cookies. Since, the default settings for safari is to prevent the cross site tracking, the cookie is not passed in the calls, impacting the further functionalities.Is there any way to detect the current safari cookie settings using Javascript?
Apple’s documentation is clear for third party cookies, but what’s with technical cookies those needed for the website to function correctly? Eg. Cookies those determine if a popup is needed to show again or not