ASWebAuthenticationSession cookie

Subject: iOS 26 WKWebView: Remote Pages Become Unresponsive After Loading Local HTML Files Description We're experiencing a critical issue with WKWebView in a React Native 0.64.3 application where remote web pages become completely unresponsive after loading local HTML files in iOS 26. It works well before iOS26. Environment: React Native 0.64.3 iOS 26.0 Xcode 26.0.1 Using custom WKWebView implementations in Native modules Problem Details App loads local HTML files using loadFileURL:allowingReadAccessToURL: Later, when loading remote pages via loadRequest:, the remote pages load successfully but become unresponsive to user interactions This occurs even when using different WKWebView instances The issue is reproducible 100% of the time once a local file has been loaded Restarting the app and loading remote pages directly works fine Code Example: // Loading local file (works fine) [self.webView loadFileURL:localFileURL allowingReadAccessToURL:accessURL]; // Later, loading remote page (loads but becomes unrespon

I've been unable to submit my app for over 10 days due to App Store Connect UI issues. I've contacted Apple Support (Case #102715606681) but haven't received a response in 3 days. App Details: App: IMPULSE404 Bundle ID: com.sophie.impulse404 Apple ID: 6752914939 Version: 1.0 (Prepare for Submission) Build 12 uploaded successfully to TestFlight Issues: Cannot change build: Build 12 is available in TestFlight, but I cannot switch from build 11 to build 12 in my app version. The usual option/button to change builds is not appearing. In-App Purchases section unresponsive: When I click Select the in-app purchases or subscriptions... nothing happens. I cannot attach my subscription (impulse404_premium_monthly_v2) which is Ready to Submit. What I've Tried: Multiple browsers (Safari, Chrome) Cleared cache and cookies Logged out and back in Restarted computer Different devices Waited 3+ days Impact: This is blocking my entire app launch and costing me significant money in delays. The app and subscription are

Hi! I'm trying to implement ASWebAuthenticationSession to log in to my app via the web app backend. However, I'm a bit confused about the cookies that this has access to. When I set prefersEphemeralWebBrowserSession=false it does not seem to use the cookies from Safari. Or at least, I'm logged into my web app in Safari, but when I use ASWebAuthenticationSession I still have to log in again. Does it not share session cookies with Safari? I did notice that if I don't use an ephemeral session, once I log out and try to log back in my app does automatically log me in but that's actually unhelpful in my opinion because now I have no way to clear that session because it only lives in the ASWebAuthenticationSession context. If that's the case I may as well use the ephemeral session then because it seems to have only drawbacks.

I am working on implementing mTLS authentication in my iOS app (Apple Inhouse & intune MAM managed app). The SCEP client certificate is deployed on the device via Intune MDM. When I try accessing the protected endpoint via SFSafariViewController/ASWebAuthenticationSession, the certificate picker appears and the request succeeds. However, from within my app (using URLSessionDelegate), the certificate is not found (errSecItemNotFound). The didReceive challenge method is called, but my SCEP certificate is not found in the app. The certificate is visible under Settings > Device Management > SCEP Certificate. How can I make my iOS app access and use the SCEP certificate (installed via Intune MDM) for mTLS requests? Do I need a special entitlement, keychain access group, or configuration in Intune or Developer account to allow my app to use the certificate? Here is the sample code I am using: final class KeychainCertificateDelegate: NSObject, URLSessionDelegate { func urlSession(_ session: URLSes

Our recent submissions have been rejected multiple times under Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing. Our app accesses web content inside app where the cookie prompts appears that is the main reason for rejection. Does removing cookies prompts will help to pass the guideline? Or due to any other reason the app is reject. I need specific clarity what exact step to do so that will help us resolving the rejection issues more efficiently and meet Apple review standards.

Hello, I have an authentication flow where my app communicates with a backend protected by F5 client certificate validation. The client certificate is distributed via MDM and is available in the device keychain, but not accessible directly from the app. When using ASWebAuthenticationSession (or SFSafariViewController) Safari can successfully pick up and present the certificate during authentication, so that part works fine. However, the backend’s authenticate endpoint only supports a POST request with an Authorization header, whereas ASWebAuthenticationSession only accepts a GET URL when starting the session. My questions are: How is this type of flow typically implemented in iOS? Should the backend provide a GET-based endpoint that redirects into the POST, or is there a recommended iOS pattern (e.g., an intermediate HTML page that does the POST after certificate validation)? Are there Apple guidelines on handling certificate-based auth with ASWebAuthenticationSession when the API r

Hello, I’m experiencing an issue in the Apple Developer portal when trying to manage my App ID capabilities. Whenever I try to enable or disable a capability and click Save, the page shows the loading spinner but then nothing is saved. App ID: com.kangarli.lucary Team ID: (my Apple Developer account’s Team ID) Tested on different browsers (Safari, Chrome), cleared cache and cookies The issue affects all capabilities, not just Associated Domains Other sections of the Developer portal work normally Is this a known issue with the Developer portal, or is there any workaround? Thanks in advance.

I have now signed out of my account in Xcode, quit the application, signed back in, and also cleared the Xcode derived data and cache. However, I am still receiving the 401 Unauthorized error Any operation related to Xcode Cloud (e.g., viewing the dashboard, creating a workflow) fails immediately across all Xcode projects, including brand-new empty projects. The error is consistent and always appears as: API Invalid status code: 401. Domain: XcodeCloudCombineAPI.XCCResponseError Code: 1 System Information: macOS Version 15.6.1 (Build 24G90) details : Error alert: API Invalid status code: 401.: XCCResponseError(responseErrorType: XcodeCloudCombineAPI.XCCResponseError.XCCResponseErrorType.invalidStatusCode(XcodeCloudCombineAPI.LegacyHttpStatus.unauthorized), requestUrl: Optional(https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=), traceId: Optional(2ab09bea8da9ef39), retryAfterSecsStr: nil, response: Optional( { URL: https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=} { Statu

Any operation related to Xcode Cloud (e.g., viewing the dashboard, creating a workflow) fails immediately across all Xcode projects, including brand-new empty projects. The error is consistent and always appears as: API Invalid status code: 401. Domain: XcodeCloudCombineAPI.XCCResponseError Code: 1 System Information: macOS Version 15.6.1 (Build 24G90) details : Error alert: API Invalid status code: 401.: XCCResponseError(responseErrorType: XcodeCloudCombineAPI.XCCResponseError.XCCResponseErrorType.invalidStatusCode(XcodeCloudCombineAPI.LegacyHttpStatus.unauthorized), requestUrl: Optional(https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=), traceId: Optional(2ab09bea8da9ef39), retryAfterSecsStr: nil, response: Optional( { URL: https://appstoreconnect.apple.com/ci/api/teams//apps/find?bundle_id=} { Status Code: 401, Headers {n Content-Length = (n 0n );n Date = (n Fri, 05 Sep 2025 10:04:07 GMTn );n Server = (n nginxn );n Set-Cookie = (n dqsid=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; P

Hi, I need help resolving an enrollment issue. When I log into my Apple Developer account on the website, I only see the message: “You’ve already agreed to the Apple Developer Agreement.” After that, nothing else loads and I can’t continue. What I’ve tried: Paid the annual fee (it shows as charged). Logged in from iPhone (Developer app), Mac, Safari, and Chrome. Same error. Cleared cookies, tried private mode, and even changed my email. Contacted normal Apple Support (they couldn’t help). Tried to reach Developer Support but I can’t since I’m technically not enrolled. Other details: I can’t access App Store Connect. My Apple ID birthday is set to 15 October 2000. I’ve already accepted the Developer Agreement. Developer app shows an error whenever I try enrollment there. At this point, I’m stuck in a loop: Apple says I’ve already agreed, but my membership isn’t activated, and I can’t contact the right support channel.

I’m trying to update the Domains and Redirects section for my Services ID configuration in Apple Developer (for Sign in with Apple). When I add new domains and click Save, nothing happens. In the browser console, I see a network request that fails with: PATCH not supported What I’ve tried so far: Logging out/in and refreshing the page Clearing browser cache and cookies Trying in Safari, Chrome, and incognito mode Verifying domain formatting (HTTPS, no trailing slash, domain is live) The issue persists in all browsers I’ve tested. Request: Is this a known issue with the Developer portal, or is there an alternative method to update my Services ID domains? Any guidance would be appreciated. Thanks,

Is there a way (in code or on the OAuth2 server/webpage) to specify the desired window size when using ASWebAuthenticationSession on macOS? I haven't found anything, and we would prefer the window to be narrower. For one of our users, the window is even stretched to the full screen width which looks completely broken…