ASWebAuthenticationSession cookie

We are injecting cookies using a nonPersistent() data store before creating the WKWebView (on completion). This works fine on prior versions (and I know Xcode 14 is in beta) but is no longer working in Xcode 14 / iOS 16 simulators and I see no posts, bugs raised or release notes for this so I'm raising it here to see if anyone else is experiencing this? I can see that the cookies are present in the WKHTTPCookieStore accessed via webView.configuration.websiteDataStore.httpCookieStore.getAllCookies. But both Safari debugging and our JS code embedded on the site can see no cookies.

We have a notification service extension which does silent login to our backing to get and update notification content. Login response comes with HTTP header Set-Cookie which adds session cookie used to identify login session. Then in the app we have actions registered for the corresponding category identifier. Both actions result in requests to our backend which also require session cookie. Both extension and the app have AppGroup entitlement and use same app group. Then we configure HTTPCookieStorage: let cookieStorage = HTTPCookieStorage.sharedCookieStorage(forGroupContainerIdentifier:) let configuration = URLSessionConfiguration.default configuration.httpCookieStorage = NetworkClient.cookieStorage And we do use the very same configuration for all requests in extension / app, however when the app is spawned in the background after user taps one of the notification actions, the cookie storage in the app is empty. Although beforehand the cookie is set in the exten

So ive been trying to make storage on my phone since its been pretty full for a while. Im currently putting all my photos onto icloud. And i deleted a bunch of apps. But the “System” category is taking 7.44 GB of my storage and “Other” is taking up 9.47 GB and i think thats outrageous. I have an iphone 7 and i think ive had it for about 2 years. Rn the largest app taking up space is photos with about 5 GB and the rest have under 400 MB. ive gotten it down to about 25 GB but system and other is taking up most of that. Ive already cleared my safari history and cookies and cleared ALL my messages bc i dont have minutes and dont use messages i use insta, and these numbers are after i did that. What can i do? im gonna try backing it up and restarting it or whatever but its saying i dont have enough space on icloud for a backup even though its 4/5ths empty with 4 GB of empty space.

Hi, we are trying to put our App into App Store but experiencing issues because we don't know how to proceed with the feedback Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing (see below) We do not use App Tracking but in our app we have iFrames from the web platform, where a cookie banner is shown and asking for permission (responsive). We tried to add the App Transparency Pop Up and even made it mandatory to use the app, but still got rejected. Should be probably hide the cookiebanner for App iframes and add Add Tracking Transparency Pop Up? Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track. Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data u

I have to say Safari's (webkit) implementation of Intelligent Tracking Protection (ITP) and the Storage Access API has been challenging to get right. Situation: We have a company that has grown through acquisition and we are trying to implement a unified authentication scheme that uses cross-domain access to tokens stored in cookies Each portal implementing the scheme will have an iframe that hosts a component from an authentication domain and will use postMessage() to check for the existence of the necessary authentication token. The initial implementation worked for Chrome/Edge/Opera/other Chromium browsers, but needed to be adjusted to implement the Storage Access API to allow the authentication component to request 1st party storage access. This worked as documented in Firefox Safari throws an exception when requestStorageAccess() is called and the error object is undefined Here is some examples of the relevant code: Iframe Authentication Component const authorizeStorageAccess = async () => {

I have used Safari as my primary browser for years now and it has evolved. Some very good updates and some bad. I have noticed since iOS 14 I believe when Apple started slowly implementing more security features that pages would show up wonky or unresponsive at times, but a clear browsing history and cookies would fix this issue. Then in iOS 15 and now 16b1 it’s become almost unusable on certain pages. Again these issues have been ongoing since the updated security features started rolling out and in non beta releases For example. Some pages won’t load completely or when you try to use a drop down menu the pictures would overlap the drop down. Resets or clearing cookies/cache, history would not fix this issue. Even turning off some of the privacy features wouldn’t resolve this. Menus have become unresponsive, ie. registering a new user on a forum. The menus would are static with no way to change or update your dob or address. I hope this makes sense so far. So here is what I have turned on a

Hi. The registration process with WebAuthn works fine and expected. As we use the same code on both android and ios, we dont use discoverable credentials, but instead saves the credential-id in a cookie. If an user deletes his cookie, we can not see if the user has registered previously without prompting the user for registration again. This is okay, and if we get an InvalidStateError (because the user is already registered) we let the user think he has registered again, and just creates a new cookie. The problem is: When the navigator.credentials.create is called, the InvalidStateError is catched immideately, before the user have time to do anything about the faceID prompt which shows. When the InvalidStateError is caught, the Registration Completed page shows. This means the completed page is shown behind the face-id prompt, which is very confusing for the user. How can the registration be completed if the face-id prompt is not finished? On Windows, the error is not thrown before

Many thx to Garrett Davidson for his exceptional WWDC2022 presentation: https://developer.apple.com/videos/play/wwdc2022/10092/ Basic question, how is the the private key for a passkey stored on a local device (let's say within the Edge or Chrome browser)? Is it in an encrypted cookie? If so, how is the local encryption done?

We use ASWebAuthenticationSession to authenticate users in our app, and we so far relied on an associated domain (universal link) for the last redirection step (callback), instead of a custom scheme, for security reasons. It works fine on iOS <= 15.4.1 (current release at time of writing), but we noticed that the associated domain is no longer detected during the callback on iOS 15.5 (beta 4). As a result, the user ends up on our web app within the ASWebAuthenticationSession view, and the app authentication never finishes. Is anybody experiencing the same issue? Thanks.

Hi all! Right now I'm trying to implement the SSO (single sign-on) feature for my applications. I have the common-auth domain and a couple of apps (domain AAA and domain BBB). While I'm in domain AAA I sign in with the common-auth domain and got an access token (JWT) as a cookie. Then I continue interactions with the AAA domain. After that, I open the domain BBB in a new tab. The application automatically makes a query to the common-auth server. I expect that the access token cookie, which I got from AAA, will be added to the query. But it's not. I can't fully understand why it's not working. Everything is fin in Chrome, IE, and Firefox. Obviously, there are some restrictions with cookies in Safari. But I'm just a backend developer and right now feel a bit frustrated. How can I bypass that problem? What parameters should I add to the cookie to handle cookie sharing? Would be appreciated any advice or links to docs. PS. I won't use cookies for tracking or f

I have been working with react.js and capacitor/ionic using firebase as DB, But while running app on simulator the app stuck on login page it does not login. After R&D we get to know there is some DiskCookieStorage the cookies are not stored in IndexedDB of WKWebView in ios app. Is there any way to resolve this issue.