ASWebAuthenticationSession cookie

I've been unable to submit my app for over 10 days due to App Store Connect UI issues. I've contacted Apple Support (Case #102715606681) but haven't received a response in 3 days. App Details: App: IMPULSE404 Bundle ID: com.sophie.impulse404 Apple ID: 6752914939 Version: 1.0 (Prepare for Submission) Build 12 uploaded successfully to TestFlight Issues: Cannot change build: Build 12 is available in TestFlight, but I cannot switch from build 11 to build 12 in my app version. The usual option/button to change builds is not appearing. In-App Purchases section unresponsive: When I click Select the in-app purchases or subscriptions... nothing happens. I cannot attach my subscription (impulse404_premium_monthly_v2) which is Ready to Submit. What I've Tried: Multiple browsers (Safari, Chrome) Cleared cache and cookies Logged out and back in Restarted computer Different devices Waited 3+ days Impact: This is blocking my entire app launch and costing me significant money in delays. The app and subscription are

Hi! I'm trying to implement ASWebAuthenticationSession to log in to my app via the web app backend. However, I'm a bit confused about the cookies that this has access to. When I set prefersEphemeralWebBrowserSession=false it does not seem to use the cookies from Safari. Or at least, I'm logged into my web app in Safari, but when I use ASWebAuthenticationSession I still have to log in again. Does it not share session cookies with Safari? I did notice that if I don't use an ephemeral session, once I log out and try to log back in my app does automatically log me in but that's actually unhelpful in my opinion because now I have no way to clear that session because it only lives in the ASWebAuthenticationSession context. If that's the case I may as well use the ephemeral session then because it seems to have only drawbacks.

Problem Description: In our App, When we launch the web login part using ASWebAuthentication + Universal Links with callback scheme as https, we are not receiving callback. Note: We are using SwiftUIWebAuthentication Swift Package Manager to display page in ASWebAuth. But when we use custom url scheme instead of Universal link, app able to receive call back every time. We use .onOpenURL to receive universal link callback scheme.

I am working on implementing mTLS authentication in my iOS app (Apple Inhouse & intune MAM managed app). The SCEP client certificate is deployed on the device via Intune MDM. When I try accessing the protected endpoint via SFSafariViewController/ASWebAuthenticationSession, the certificate picker appears and the request succeeds. However, from within my app (using URLSessionDelegate), the certificate is not found (errSecItemNotFound). The didReceive challenge method is called, but my SCEP certificate is not found in the app. The certificate is visible under Settings > Device Management > SCEP Certificate. How can I make my iOS app access and use the SCEP certificate (installed via Intune MDM) for mTLS requests? Do I need a special entitlement, keychain access group, or configuration in Intune or Developer account to allow my app to use the certificate? Here is the sample code I am using: final class KeychainCertificateDelegate: NSObject, URLSessionDelegate { func urlSession(_ session: URLSes

I have now signed out of my account in Xcode, quit the application, signed back in, and also cleared the Xcode derived data and cache. However, I am still receiving the 401 Unauthorized error Any operation related to Xcode Cloud (e.g., viewing the dashboard, creating a workflow) fails immediately across all Xcode projects, including brand-new empty projects. The error is consistent and always appears as: API Invalid status code: 401. Domain: XcodeCloudCombineAPI.XCCResponseError Code: 1 System Information: macOS Version 15.6.1 (Build 24G90) details : Error alert: API Invalid status code: 401.: XCCResponseError(responseErrorType: XcodeCloudCombineAPI.XCCResponseError.XCCResponseErrorType.invalidStatusCode(XcodeCloudCombineAPI.LegacyHttpStatus.unauthorized), requestUrl: Optional(https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=), traceId: Optional(2ab09bea8da9ef39), retryAfterSecsStr: nil, response: Optional( { URL: https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=} { Statu

Hello, I’m experiencing an issue in the Apple Developer portal when trying to manage my App ID capabilities. Whenever I try to enable or disable a capability and click Save, the page shows the loading spinner but then nothing is saved. App ID: com.kangarli.lucary Team ID: (my Apple Developer account’s Team ID) Tested on different browsers (Safari, Chrome), cleared cache and cookies The issue affects all capabilities, not just Associated Domains Other sections of the Developer portal work normally Is this a known issue with the Developer portal, or is there any workaround? Thanks in advance.

Any operation related to Xcode Cloud (e.g., viewing the dashboard, creating a workflow) fails immediately across all Xcode projects, including brand-new empty projects. The error is consistent and always appears as: API Invalid status code: 401. Domain: XcodeCloudCombineAPI.XCCResponseError Code: 1 System Information: macOS Version 15.6.1 (Build 24G90) details : Error alert: API Invalid status code: 401.: XCCResponseError(responseErrorType: XcodeCloudCombineAPI.XCCResponseError.XCCResponseErrorType.invalidStatusCode(XcodeCloudCombineAPI.LegacyHttpStatus.unauthorized), requestUrl: Optional(https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=), traceId: Optional(2ab09bea8da9ef39), retryAfterSecsStr: nil, response: Optional( { URL: https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=} { Status Code: 401, Headers {n Content-Length = (n 0n );n Date = (n Fri, 05 Sep 2025 10:04:07 GMTn );n Server = (n nginxn );n Set-Cookie = (n dqsid=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; P

Is ServiceWorker supported on WKWebView? As per Mozilla Developer Network(MDN Web) docs[1] its not supported, but our research shows that ServiceWorker becomes available for a domain in WKWebView 1) if the domain is allowlisted in app-bound domains[2] or 2) if app is registered as default browser(this can not be considered for our app as its not a browser). How to enable ServiceWorker on WKWebView? Is adding domain as app-bound domain the right/only way to enable ServiceWorker on WKWebView? We didn't find any official documentation about this. Can WebView get ServiceWorker support by default without enabling app bound domains since that is not an option for our app? Our app needs to support more than 10 domains. Powerful APIs such as JavaScript injection, cookie manipulation, event handlers are by default available to all domains/WebView instances even if App doesn't enable app-bound domains. Is it possible to do same for ServiceWorker? If ServiceWorker can not be supported by default then can Apple

I’m trying to update the Domains and Redirects section for my Services ID configuration in Apple Developer (for Sign in with Apple). When I add new domains and click Save, nothing happens. In the browser console, I see a network request that fails with: PATCH not supported What I’ve tried so far: Logging out/in and refreshing the page Clearing browser cache and cookies Trying in Safari, Chrome, and incognito mode Verifying domain formatting (HTTPS, no trailing slash, domain is live) The issue persists in all browsers I’ve tested. Request: Is this a known issue with the Developer portal, or is there an alternative method to update my Services ID domains? Any guidance would be appreciated. Thanks,

iOS 13 seemingly changed the way Safari handles their save password prompt. In pre-iOS 13, when Safari detected that a user successfully logged into a website, it would show the save password prompt and pause the loading of the site before it could proceed to the next page.Our implementation was unknowingly relying on this pause. Now in iOS 13, instead of pausing, Safari will continue to load the next page while the save password prompt sits in the foreground. This is normally not an issue for most situations since the next page that the user is being redirected to is most commonly another website which means Safari is still open and therefore so is the save password prompt. In our circumstance though, the login will redirect the user back into the app which closes Safari and the save password prompt along with it. This means the user has less than a second before the password prompt disappears.Does anyone have a solution to this? It would be great if the pre-iOS behavior could be reapplied somehow. Or if ano

It seems Safari 18's fetch() does not include credentials even credentials: include and safari extension has host_permissions for that domain. Is there anyone has this problem? I try to request in popup.js like this: const response = await fetch( url, { method: 'GET', mode: 'cors', credentials: 'include', referrerPolicy: 'no-referrer', } ); and it does not include the cookie from host_permissions. Those code worked in Safari 17 (macOS Sonoma).

When CHIPS was introduced in 18.4 it worked well, however on 18.5 it does not appear to work. There do not appear to be release notes about this in 18.5, so can someone provide definitive if this is a defect that will be fixed, or have they already been deprecated?