ASWebAuthenticationSession cookie

Hello, I have encountered an issue with an iPhone 15PM with iOS 18.5. The NSHTTPCookieStorage failed to clear cookies, but even after clearing them, I was still able to retrieve them. However, on the same system It is normal on iPhone 14PM. I would like to know the specific reason and whether there are any adaptation related issues. Following code: NSHTTPCookie *cookie; NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage]; for (cookie in [storage cookies]) { [storage deleteCookie:cookie]; }

Hi,I have some questions about how AVPlayer handles updates of a cookie's expiration time.We do something like this:1) Send a GET request to server which sets authentication cookie. This cookie has a short expiration time, CookieExpiryTime.2) Start AVPlayer. The authentication cookie is included in the AES key request.3) Every n minutes (where n is CookieExpiryTime/2), send new GET request to authentication server to get updated cookie expiration time. By logging all cookies in NSHTTPCookieStorage.sharedHTTPCookieStorage() we can see that the expiration time of the cookie is updated.The problem:When a key is requested after the expiration time of the first cookie from 1), the cookie is no longer included in the AES key request.But shouldn't the updated cookie (with extended expiration time) be considered?Question 1) Does AVPlayer filter out expired cookies when doing the AES key requests?Question 2) Does AVPlaye

I have been implementing an sdk for authenticating a user. I have noticed that on iOS 18.5, whether using SFSafariViewController, or the sdk (built on ASWebAuthenticationSession), password autofill does not work. I have confirmed it works on a different device running iOS 18.0.1. Are there any work arounds for this at this time? Specifically for ASWebAuthenticationSession?

I have a sample HTML form that follows the password auto-fill requirements. When navigating to the web page without the app, using the built-in Safari app, the native Password AutoFill dialogs for the login and signup forms correctly show:However, when viewed within the app, the same flow does not trigger the dialog in neither the login or signup submission. It simply dismisses the login/signup screen without any error.This is how my view controller looks like:class ViewController: UIViewController { @IBAction func didTapLoginButton() { let session = ASWebAuthenticationSession( url: URL(string: https://example.com/login.html)!, callbackURLScheme: customscheme) { print($0, $1) } session.prefersEphemeralWebBrowserSession = true session.presentationContextProvider = self session.start() } } extension ViewController: ASWebAuthenticationPresentationContextProviding { func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor { view.window! } }Is there a way to

I am using SFSafariViewController to authenticate against a website (SAML idP) and retaining my session using a cookie. I opted to use SFSafariViewController because my users could log in to the site using Safari or another app's instance of SFVC to achieve single sign on because as I understand it, the cookie store between native Safari and instances of SFSafariViewController are more or less shared. However, clearing the cookies in Safari settings in the settings app doesn't clear the cookies in my app's instance of SFVC. I have also tried logging out of the site in Safari but the cookie / session is still retained in my app's instance of SFVC.Is this expected behavior from SFVC?Thanks,Lucas

Hi Apple team,Have been exploring the Sign in with Apple in iOS 13 .https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidcredentialOur app has been using Cookie based login and app flow, but with Sign in With the apple as far as i explored there is no option with cookies. Could you please clarify on this .

Please tell me how to keep the cookie of WKWebbview.I'm changing Webview from UIWebView to WKWebview.I can not get session ID (cookie) regenerated by server login authentication and Then I can not log in.It looks like cookie synchronization does not go well.So please tell me how to keep the cookie of WK Webbview.I am programing by the link method belowhttps://qiita.com/yonell/items/bbd45c64a0068f7dc9c3iOS9Swift3Xcode:8.x< login authentication>1.Login authentication with WebAPI　⇒Get PHPSESSID from server2.Send PHPSESSID with MutableURLRequest ※I set PHPSESSID to WKWebview with WKUserScript3.Login authentication with server (using cakephp authComponent)　⇒Regenerate session ID and reset to cookie(PHPSESSID)★　★problem　　The cookie of the request is not updated at the timing of webView (decidePolicyFor: decisionHandler )

Hi,is ASWebAuthenticationSession checking the App Transport Security Settings when it calls the give URL? For example if I configure Certificate Transparency for the domain of URL, will the domains certificate be correctly verified?Background is that we want certificate pinning for our authentication flow and as fare I undertand it that is not possible with ASWebAuthenticationSession. Certificate Transparency can be configured in ATS and if ASWebAuthenticationSession obeys to ATS, that would be a valid replacement for pinning the cert. Thanks!BestAlex

We’re seeing an issue in our Safari Web Extension where not all cookies from the Set-Cookie response header are accessible. We are using macOS 15.4 and Safari 18.4. In the webRequest.onHeadersReceived callback, the Set-Cookie header returned by Safari only includes some of the cookies set by the server. If multiple Set-Cookie headers are present, we seem to receive only a partial list, some cookies are missing entirely. In Chrome and Firefox, the same callback provides all cookies set by the server without issue. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

In our app we're performing authentication using ASWebAuthenticationSession. SSO seems to work fine in iOS 13 for different paths for the same domain but when running the same app in iOS 14, cookies don't seem to be attached to subsequent requests once authenticated in safari window. I'm not sure if it helps : Looking at the logging in instruments when running the app in iOS 14 device, I can see : 00:09.690.903 Default iOS B2c Sample (1691) CFNetwork Default iOS B2c Sample 0x1631f Faulting in NSHTTPCookieStorage singleton 00:09.690.929 Default iOS B2c Sample (1691) CFNetwork Default iOS B2c Sample 0x1631f Faulting in CFHTTPCookieStorage singleton 00:09.690.944 Default iOS B2c Sample (1691) CFNetwork Default iOS B2c Sample 0x1631f Creating default cookie storage with default identifier (Above logs don't happen in iOS 13) and later in iOS 14: 00:10.113.701 Debug iOS B2c Sample (1691) CFNetwork Default iOS B2c Sample 0x1631c Task <88E60E41-6B7B-4787-ABF6-B65C92C8FF4E>.<1> r

I am implementing an Autofill Application Extension (aka AutoFill Credential Provider). In the app, the user has to sign in once before he/she can use it. I use the standard ASWebAuthenticationSession for the OIDC dance. ASWebAuthenticationSession will open an OIDC sign-in endpoint as a web view in a navigation view. The user has to provide his/her credential. A success sign-in will redirect back to my app extension. All is working fine when I run my app extension in the context of Safari (ie. autofill password on websites). However, when running the app extension in the context of a native app e.g. Strava, the user cannot sign-in because there is simply no keyboard when tapping on a username textfield / password textfield. I have been googling for days for a clue, but so far, no luck. Guys, any idea what could possibly go wrong here? H.Nerd

I am attempting to use ASWebAuthenticationSession for logging into LinkedIn. However, LinkedIn doesn't support callbacks (redirecturi) back to the app. They only support http or https. Problem is they put the token in the redirecturi so if I can't detect it and grab the token/code then I can't move on to next step. I can't seem to figure out how to get ASWebAuthenticationSession to respond to this so I can get the token and move on to next step of autho. Does anyone have any experience in this?

My company offers lesson video for exercise. The video is applied signed cookie from AWS cloudFront infrastructure. When play video directly in iPhone(iPad), generated cookie is set to options like as below play well. let asset = AVURLAsset(url: url, options: cookies) But when try to play via AirPlay2 with other device (smart tv, Apple TV), Video player shows me a can't play. Of course, I implemented resource loader delegate and wrote codes as below func resourceLoader( _ resourceLoader: AVAssetResourceLoader, shouldWaitForLoadingOfRequestedResource loadingRequest: AVAssetResourceLoadingRequest ) -> Bool { guard let cookie = viewModel?.cookie else { return false } var newRequest = loadingRequest.request newRequest.headers = HTTPHeaders(cookie) let connection = URLSession.shared.dataTask(with: newRequest) { data, response, error in switch data { case let .some(data): loadingRequest.contentInformationRequest?.contentType = (response as! HTTPURLResponse).a

I just wrote code for our app to use ASWebAuthenticationSession for 3rd-party authentication (in particular, YUBIKEYS WOOHOO). Our app registers a URI scheme of x-com-kithrup for launch services events, so I used x-com-kithrup-yubi for ASWebAUthenticationSession. Only, I didn't change the back end, so it still redirects to x-com-kithrup://success on a successful login. And... ASWebAuthenticationSession is still calling the handler when it gets a URL with the x-com-kithrup URI, instead of the x-com-kithrup-yubi URI scheme.

I did some research, and I was able to get some cookies from the grabbing it from NSHTTPURLResponse object. this, however, does not contain all the cookies used by WKWebView.- (void)webView:(WKWebView *)webView decidePolicyForNavigationResponse:(WKNavigationResponse *)navigationResponse decisionHandler:(void (^)(WKNavigationResponsePolicy))decisionHandler{ NSHTTPURLResponse *response = (NSHTTPURLResponse *)navigationResponse.response; NSArray *cookies =[NSHTTPCookie cookiesWithResponseHeaderFields:[response allHeaderFields] forURL:response.URL]; for (NSHTTPCookie *cookie in cookies) { [[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:cookie]; } decisionHandler(WKNavigationResponsePolicyAllow);}I tried get cookies with WKUserScript like :http://stackoverflow.com/questions/26573137/can-i-set-the-cookies-to-be-used-by-a-wkwebviewbut not get all cookies, please support for me.Thanks,