We need to append some values in the User-Agent HTTP header for our SSO flows. We use the ASWebAuthenticationSession class as you should, but I can't find any information on how to modify the headers in this web view. I have tried setting the global user agent via UserDefaults.standard.register(defaults: [UserAgent: fakeUserAgent]) While it does change the User-Agent in WKWebView, it seemingly does not impact the ASWebAuthenticationSession. There are also no configuration settings to change headers or User-Agent on ASWebAuthenticationSession. Is it not possible by security design?
Search results for
ASWebAuthenticationSession cookie
1,295 results found
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
It appears that, on initialization, an AVURLAsset has a copy of the cookies from HTTPCookieStorage.shared.cookies, unless otherwise specified with the options parameter. This array of HTTPCookie is merely a copy of iOS's cookie store at the time of initialization. If the OS's cookie store updates, the player/asset does not begin to use the most up-to-date cookies, instead using its original copy. How can I go about updating the player's/asset's cookie store to the current, most up-to-date, cookie store?
It looks like there are two questions here so I will address each separately: I would like to make an authentication challenge to the browser (Safari) to allow users log in my application. For web based client authentication challenges, HTTP Basic or Client Certificate, in a native app you could look at using WKWebView. For example, the following is certainly not exhaustive but should get you going: func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, tttttt completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { tt ttif challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust { tttt/* Evaluate Server Trust etc.. */ tt} ttelse if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodHTTPBasic { tttt/* HTTP Basic */ tt} ttelse if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate { tttt/* Client Certificate */ tt} ttelse { tttt/* Default fallback
Topic:
Programming Languages
SubTopic:
Swift
Tags:
We're using ASWebAuthenticationSession and whenever no errors occur, all is well. However, if there's an error generated by our OAUTH web endpoint, the authentication session's UI is automatically dismissed. And, right at the beginning of its dismissal, our callback is called. But if we attempt to show say an error alert, or even present the prior view controller, we get errors like: Attempt to present <UINavigationController: ...> on <MainViewController: ...> while a presentation is in progress!In looking at the documentation, I see no way to tap into the authentication session's UI dismissal. Is there any way to defer work until after the session's UI is dismissed?For now, we're using a hack where we 'perform with selector' after a one-second delay. But I don't want to rely on that whatsoever.Here's the gist of our code:// In our main view controller... private var webSession : ASWebAuthenticationSession? func presentAuthorization(withURL aURL: URL) { webSession = ASWebAuthenticationSession
So, in iOS14 beta 3 I get the error com.apple.AuthenticationServices.WebAuthenticationSession error 2. when ever I arttempt ASWebAuthenticationSession.
When opening a session to log into my website, there is, if exists, information stored in IndexDB we are trying to access from a previous session. Ideally, information from living in Safari, but would settle for information in the parent app or instance. My understanding was information 'like cookies' was available, but documentation is seemlingly vague around this topic. I have struggled to find anything explaining the availability of IndexDB specifically, although it does work in one case (I'm about to experiment with it, so I just know of one now). Upon first loading of the page, a get call: const ids: string[]; const results = await this.db.entities.bulkGet(ids); In the logs, I see there is this error: _e: Error: Error name: AbortError message: The operation was aborted. AbortError: The operation was aborted. inner: DOMException: The operation was aborted. Immediately after, because there is supposed to be some result from the database, the site creates a new entity, and stores it with no issue.
In developing OPENID / OAuth type web authentication for native apps, I am looking for confirmation that Apple iOS supports Save Password dialogue on the sign-in that occurs in the browser within the ASWebAuthenticationSession webview. Noting that both ASWebAuthentication Session and SFSafariViewController support isolated browser privacy with regards to the app, it should not (theoretically) necessitate domain trust between the App and the domain of the current AS/SF webview as it once did with wkWebViews. Can anyone confirm that Keychain's Save Password dialogue DOES fire on either/both ASWebAuthenticationSession and SFSafariViewController?
Unicode values in cookies creating issue while loading the page url inside the iOS application. Web view is failing every time while reading the cookies and return my web page to login screen. Flow of app: We are using Chinese characters in the user name. Once we launch the url in native app webpage, cookies contains the username with it as provided, but it converted to unicode which makes cookies corrupted. Can anyone help me on this? Thanks in advance. Manoj
Below is my code snippet:/*cookie attached in request part*/ NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:httpsURL cachePolicy:NSURLRequestReloadIgnoringLocalAndRemoteCacheData timeoutInterval:5.0f]; [request setValue:@cookie1=value1 forHTTPHeaderField:@Cookie]; /*cookie attached using NSHTTPCookie*/ NSMutableDictionary *cookieProperties = [NSMutableDictionary dictionary]; [cookieProperties setObject:@cookie2 forKey:NSHTTPCookieName]; [cookieProperties setObject:@value2 forKey:NSHTTPCookieValue]; [cookieProperties setObject:[request URL].absoluteString forKey:NSHTTPCookieOriginURL]; [cookieProperties setObject:@/ forKey:NSHTTPCookiePath]; NSHTTPCookie *cookie = [NSHTTPCookie cookieWithProperties:cookieProperties]; NSArray *arr = [NSArray arrayWithObjects:cookie, nil]; [request setAllHTTPHeaderFields:headers];Question:Now using the above configuration does my connection consider both the cookies during the request?
Hi All, We have started seeing crash with iOS 14.5 for ASWebAuthenticationSession's callbackURLScheme. Is anybody seeing the issue? Is this an intentional change in iOS or a bug? AuthenticationSession] The provided scheme is not valid. A scheme should not include special characters such as : or /.** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'The provided scheme is not valid. A scheme should not include special characters such as : or /.' Regards, Nimesh
Hi, I'm using AsWebAuthenticationSession to log into a server using Oauth 2.0 and it works the first time, but then if I start the app again it returns the error: The operation couldn't be completed.(com.apple.AuthenticationServices.AuthorizationError error 3) that I see in the documentation is presentation context invalid but I don't see any explanation or way to avoid it. Also, I don't understand how the error can sometimes happen and sometimes not. It is also curious that the application is not listed in Settings. Thanks Maria
Is it possible to display an ASWebAuthenticationSession or a WKWebView in the context of an auth plugin? I'm currently able to display a custom UI in a window whose canBecomeVisibleWithoutLogin is set to true as part of my unprivileged mechanism. I tried using ASWebAuthenticationSession and making my window the presentationContextProvider for the session but it doesn't work. I also tried displaying a webview but it doesn't render. I checked the nav delegate calls and the navigation is failing with the request timing out. Is there any config or trick to make either of them work? Oh also, URLSession data task calls are also failing with request timing out from my mechanism. I'm guessing there's some restriction related to networking in general?
I am using appauth pods for authentication (https://github.com/openid/AppAuth-iOS) and was wondering how Safari webkit is managing the application context for the cookies saved while authentication. I made sure I have a successful authentication then I tried few combinations to understand failed authentication behavior and tried to compare with my mac safari developer tools. What caught me off guard was that the safari webkit cookies were not visible to me programmatically. I am using below code to get the cookies. HTTPCookieStorage.shared.cookies(for: URL(string: https://(targetDomain))!) I also tried using developer console for mobile safari kit but as soon as the authentication flow gets completed the view is destroyed and information gets lost. So has anyone have come across this situation and figured how safari web kit isolates the cookies visibility.
Is there a way (in code or on the OAuth2 server/webpage) to specify the desired window size when using ASWebAuthenticationSession on macOS? I haven't found anything, and we would prefer the window to be narrower. For one of our users, the window is even stretched to the full screen width which looks completely broken…
I have noticed that there is a new initializer for ASWebAuthenticationSession in macOS 14.4. The standard initializer has been deprecated without further info. The new initializer looks as follows: init(url: URL, callback: ASWebAuthenticationSession.Callback, completionHandler: ASWebAuthenticationSession.CompletionHandler) This initializer takes a callback object for class ASWebAuthenticationSession.Callback. But this class cannot be initialized and also not be subclassed. When you try to do this there will be the following error in Xcode 'init()' is unavailable The documentation also does not give any hint on how to use it, it just defines 2 class methods and a method called func matchesURL(URL) -> Bool which could mean that by using this method you could match any arbitrary URL to continue the process. Has anyone figured out what to do with this?