Authentication Services

RSS for tag

Improve the experience of users when they enter credentials to establish their identity using Authentication Services.

Authentication Services Documentation

Posts under Authentication Services tag

76 Posts
Sort by:
Post not yet marked as solved
0 Answers
66 Views
The requirement to revoke authorization tokens when a user deletes their account for an ios app requires two api calls to the appleid.apple.com framework. The first requires passing the authorization code to the /auth/token which returns a token that can be used to revoke app credentials. But this code is returned as part of the sign-in authentication, and expires in 5 minutes. So, if a user signs in, has an app session for longer than 5 minutes, then wants to delete their account, how is this managed? Would they need to sign in again to apple to get a valid code that can be used to revoke authentication? Is there any other way to get a "fresh" authorization code?
Posted
by jmorley.
Last updated
.
Post not yet marked as solved
0 Answers
46 Views
I am creating a react app and am making use of Webauthn to use TouchID or FaceID for user authentication. I have built my app so that when the button is clicked, navigator.credentials.create is the only call made. With attestation set to none, there are no issues however as soon as I set attestation to direct I get an alert saying 'The operation can't be completed' and 'NotAllowedError: This request has been cancelled by the user.' is logged to console. The issue only presents itself on Safari and iOS devices however works perfectly on other browsers like Chrome. Has anyone encountered a similar issue and possibly know how to resolve it? Thanks Shay
Posted
by shay_.
Last updated
.
Post not yet marked as solved
0 Answers
77 Views
Hi. The registration process with WebAuthn works fine and expected. As we use the same code on both android and ios, we dont use discoverable credentials, but instead saves the credential-id in a cookie. If an user deletes his cookie, we can not see if the user has registered previously without prompting the user for registration again. This is okay, and if we get an InvalidStateError (because the user is already registered) we let the user think he has registered again, and just creates a new cookie. The problem is: When the navigator.credentials.create is called, the InvalidStateError is catched immideately, before the user have time to do anything about the faceID prompt which shows. When the InvalidStateError is caught, the Registration Completed page shows. This means the completed page is shown behind the face-id prompt, which is very confusing for the user. How can the registration be completed if the face-id prompt is not finished? On Windows, the error is not thrown before the user has completed the faceid prompt, which means the registration-process is experienced exactly as a first-time registration. Is it a bug that the prompt is shown after the error is thrown? Any tips to how i can work around this? If this is not the right forum to ask - where is a better place? Best regards, Nina
Posted
by ninamwa.
Last updated
.
Post not yet marked as solved
2 Answers
163 Views
Greetings to all, Every time I upload a new build, Xcode asks me to authenticate and when I do and try to distribute again, it says "Error Analyzing App Version". Now bear in mind, I upload a new build almost everyday. When I encounter this error I just try to distribute it later in the evening and voila, works fine. Does anyone has this error? It is so frustrating that I am able to upload only one build per day to TestFlight. I use Xcode 13.3
Posted Last updated
.
Post not yet marked as solved
1 Answers
310 Views
We are building an authentication solution where we are building our own virtual smart card and perform certificate based authentication. We do not want to prompt the User for the PIN of the smart card and autosubmit the PIN on behalf of User through our authorization plugin. To achieve this we are removing loginwindow:login and passing th PIN to the underlying mechanisms by setting th PIN as part of KEnvironmentPassword attribute.With this change, we are observing that builtin:authenticate,privileged is invoking the authorization service instead of authorization_ctk service. Can you please let us know how do we autosubmit the smart card PIN in our authorization mechanism so that built:authenticate,privileged is invoking authorization_ctk service and perform certificate based authentication?
Posted
by rShivaiah.
Last updated
.
Post not yet marked as solved
195 Answers
65k Views
Running the sample "Juice" app, which demos the Sign In With Apple flow, doesn't seem to work with Xcode 12 beta and iOS 14 beta on the simulator (worked fine on the non-beta versions and on a real device with iOS 14 beta). Once the password for the device's Apple ID is entered, the wheel in the password field just keeps spinning. No error messages and nothing handed back over to the app from the ASAuthorizationController. Anyone else seeing this problem ? Are there any workarounds ?
Posted
by npvisual.
Last updated
.
Post not yet marked as solved
1 Answers
174 Views
Usually, people respond to these types of posts with things like: "honor the users choice here" This isn't about choice. We are a bank. A literal bank. For regulatory reasons, we need to collect the user's email during onboarding. It's used for legal communications including bank statements, as well as compliance with anti money laundering laws. In fact, email is one of the least invasive things we collect. Banks need to collect SSN, mailing/billing addresses, full legal names, phone numbers, and more. If Apple's response was, "there's no way to disable Hide My Email", then we would be legally required to have entirely separate UI after the "Sign in with Apple" screen where we collect and verify their real email. Two email auth screens. By telling us to NOT disable Hide My Email, you're saying that we need to have separate email collection UI, or we need to abandon Sign in with Apple entirely and go with custom email/password auth.
Posted Last updated
.
Post marked as Apple Recommended
2.4k Views
My macOS app uses ASWebAuthenticationSession for users to login to a third party service. It's worked fine until Monterey. When I call start on ASWebAuthenticationSession it shows me the permission window as expected: However when I click Continue nothing else happens. It does not show the Safari window and load the login page. I've noticed these errors appear in the Console every time, so it seems it's having trouble opening Safari (even though I have Safari already open). Any suggestions on how to fix this? Surely ASWebAuthenticationSession isn't broken for everyone? error 10:40:50.598301+0000 kernel 43 duplicate reports for Sandbox: com.apple.WebKit(13346) deny(1) mach-lookup com.apple.diagnosticd error 10:40:50.598309+0000 kernel Sandbox: SafariLaunchAgen(5469) deny(1) system-fsctl _IO('h', 47) error 10:40:52.349729+0000 kernel Sandbox: com.apple.WebKit(6675) deny(1) mach-lookup com.apple.diagnosticd error 10:40:53.011948+0000 CoreServicesUIAgent LAUNCH: Launch failure with -10652/ <FSNode 0x60000068b6e0> { isDir = y, path = '/Applications/Safari.app' } error 10:40:53.019505+0000 CoreServicesUIAgent Unable to forward entitlements from overridden keySenderAuditTokenAttr [sess=100005 pid=5469 uid:501,501,501 g:20,20 pV:257536] to target port ( port:85539/0x14e23 rcv:0,send:2,d:0 limit:0), which will likely cause them to reject this AppleEvent, errorRef=[ NULL ]
Posted
by dazboj.
Last updated
.
Post not yet marked as solved
0 Answers
118 Views
Hi devs!!! Calling createCredentialRegistrationRequestWithChallenge returns the following error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent" UserInfo={NSDebugDescription=connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent} What can be the potential reason?
Posted
by asmbaty.
Last updated
.
Post not yet marked as solved
0 Answers
93 Views
I have a mobile application for iOS. The application uses a third-party application to power the login to the application (eg: Google Authenticator). The application is targeting a specific community and assumes all the users already have access to the third-party app. Login to the application happens smoothly as they already have the third-party app installed on their phone. Now when I submit this app for approval to Appstore, I am not clear on how I can provide test access to Apple. As the app will be on the production setup, there are no test accounts that can be provided here. If anyone in the community has prior experience here, kindly shed some light
Posted Last updated
.
Post not yet marked as solved
0 Answers
94 Views
Hi! I am using Firebase and want to disable the sign up button to personalise experience for signed up users on the login view. I am using below but it doesn't seem to work. Anyone knows what I should change? extension LoginViewController: AuthUIDelegate { func handleAuthenticated(_ Button: UIButton) -> Bool { if Auth.auth().currentUser != nil {      createAccountButton.isHidden = true     } else {       createAccountButton.isHidden = false     }   return true   } }
Posted Last updated
.
Post not yet marked as solved
2 Answers
255 Views
We use ASWebAuthenticationSession to authenticate users in our app, and we so far relied on an associated domain (universal link) for the last redirection step (callback), instead of a custom scheme, for security reasons. It works fine on iOS <= 15.4.1 (current release at time of writing), but we noticed that the associated domain is no longer detected during the callback on iOS 15.5 (beta 4). As a result, the user ends up on our web app within the ASWebAuthenticationSession view, and the app authentication never finishes. Is anybody experiencing the same issue? Thanks.
Posted Last updated
.
Post not yet marked as solved
5 Answers
1.3k Views
When attempting to open an otpauth://totp URL on iOS 15 Beta 8 it opens the Password Manager. Based on the documentation & the tagged WWDC session it should only open the iOS Password Manager if the URL contains the apple- prefix. For example: apple-otpauth://totp This is currently breaking our Multi Factor Authentication setup flow. Will this behaviour be changed for the next beta & iOS 15 release?
Posted Last updated
.
Post not yet marked as solved
4 Answers
314 Views
I am currently trying to develop an application that fetches users data from a firebase database and displays it in a table view. The function that I am having problems with is the function that loads the data. class EntryViewController: NSObject {       var event :String?   var dateAndTime: String?   var message: String?   // id which is set from firebase to uniquely identify it   var uniqueId:String?     } class LoggingViewController: UIViewController {       var entryviewcontroller:EntryViewController?        @IBOutlet weak var eventTextBox: UITextField!   @IBOutlet weak var datePicker: UIDatePicker!   @IBOutlet weak var notesTextBox: UITextField!       @IBAction func saveEntryButton(_ sender: Any) {         if entryviewcontroller == nil {        entryviewcontroller = EntryViewController()      }          let dateFormatter = DateFormatter()      dateFormatter.dateFormat = "dd/MM/yyyy hh:mm a"      entryviewcontroller?.event = self.eventTextBox.text ;      entryviewcontroller?.message = self.notesTextBox.text      entryviewcontroller?.dateAndTime = dateFormatter.string(from: self.datePicker.date)            let db = Firestore.firestore()      guard let uid = Auth.auth().currentUser?.uid else {        return      }            db.collection("usersEvents").document(uid).setData([        "event" : entryviewcontroller!.event! ,        "dateAndTime" : entryviewcontroller!.dateAndTime!,        "message" : entryviewcontroller!.message!]){                    err in          if let err = err {            print("Error writing document: \(err)")            return          } else {            print("Document successfully written!")          }        }     func viewDidLoad() {       super.viewDidLoad()     }   }    }     class DashboardViewController: UIViewController { @IBOutlet weak var reminderList: UITableView! var reminders = [EntryViewController]() override func viewWillAppear(_ animated: Bool) { super.viewWillAppear(animated) loadData() } func loadData() { self.reminders.removeAll() let ref = Database.database().reference() ref.child("usersEvents").observeSingleEvent(of: .value, with: { (snapshot) in if let reminderDict = snapshot.value as? [String:AnyObject] { for (_,reminderElement) in reminderDict { print(reminderElement); let reminder = Reminder() reminders.event = reminderElement["event"] as? String reminders.dateAndTime = reminderElement["data and time"] as? String reminders.message = reminderElement["notes"] as? String self.reminders.append(reminder) } } self.tableView.reloadData() // Should it be inside the if let ? }, withCancel: { (error) in print(error.localizedDescription) }) func tableView(tableView: UITableView, numberOfRowsInSection section: Int) -> Int { return self.reminders.count } func tableView(_ tableView: UITableView, cellForRowAt indexPath: IndexPath) -> UITableViewCell { if let cell = tableView.dequeueReusableCell(withIdentifier: "ToDoCell") { var content = cell.defaultContentConfiguration() content.text = reminders[indexPath.row].event cell.contentConfiguration = content return cell } else { return UITableViewCell() } } } } This is the class thats being developed for the dashboard page of the application. The following error messages are displayed Value of type '[EntryViewController]' has no member 'event' Value of type '[EntryViewController]' has no member 'dateAndTime' Value of type '[EntryViewController]' has no member 'message' This is where the errors keep appearing let reminder = Reminder() reminders.event = reminderElement["event"] as? String reminders.dateAndTime = reminderElement["data and time"] as? String reminders.message = reminderElement["notes"] as? String self.reminders.append(reminder) }
Posted Last updated
.
Post not yet marked as solved
1 Answers
154 Views
We have an app (under development) which needs another app to login. Let's say App 1 already installed parent app on user device and we are developing App 2 which is dependent on App 1 for SSO login using oAuth. So my question is, If we submit app 2 for approval, how the review team will test it? will it be rejected ? what is the standard procedure in such cases?. Can we share the credentials of App 1 and Review team install App 1 and try ?
Posted
by dhanesh.
Last updated
.
Post not yet marked as solved
0 Answers
188 Views
Hi, I am writing apps in C++ and Objective-C. I created an instance of ASWebAuthenticationSession and set the presentationContextProvider. Then when I started the session, the app crashed with EXC_BAD_ACCESS (KERN_INVALID_ADDRESS). When I checked the crash log, I found an exception in [SFSafariViewController _setEdgeSwipeDismissalEnabled:]. But since this method is defined within the iOS framework(Xcode13.2.1), I don't know which field is causing the crash. I've done some testing, but I don't get much information : -I have enabled "Zombie Object" and "Address Sanitizer",however I was unable to get any additional information. -I tried to create a new project and used ASWebAuthenticationSession with the same arguments, but I could not reproduce the problem. Can someone please help or any other advice on finding the reasons for this error? OS Version: iPhone OS 14.7.1 (18G82) Release Type: User Baseband Version: 8.80.01 Report Version: 104 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000010000 VM Region Info: 0x10000 is not in any region. Bytes before following region: 4338286592 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 102960000-10391c000 [ 15.7M] r-x/r-x SM=COW ...pp/Disgaea4sp Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [35391] Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libobjc.A.dylib 0x00000001b3824148 objc_msgSend + 8 1 SafariServices 0x00000001b965906c -[SFSafariViewController setEdgeSwipeDismissalEnabled:] + 84 2 SafariServices 0x00000001b962cd5c -[SFBrowserRemoteViewController setRemoteSwipeGestureEnabled:] + 64 3 CoreFoundation 0x000000019fab7a10 invoking + 144 4 CoreFoundation 0x000000019f999720 -[NSInvocation invoke] + 300 5 libdispatch.dylib 0x000000019f6eb298 _dispatch_client_callout + 16 6 libdispatch.dylib 0x000000019f6905b8 _dispatch_block_invoke_direct$VARIANT$mp + 224 7 FrontBoardServices 0x00000001ae5d9e04 FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK + 40 8 FrontBoardServices 0x00000001ae5d9acc -[FBSSerialQueue _targetQueue_performNextIfPossible] + 404 9 FrontBoardServices 0x00000001ae5d9fa0 -[FBSSerialQueue _performNextFromRunLoopSource] + 28 10 CoreFoundation 0x000000019fa328a8 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 24 11 CoreFoundation 0x000000019fa327a8 __CFRunLoopDoSource0 + 204 12 CoreFoundation 0x000000019fa31afc __CFRunLoopDoSources0 + 256 13 CoreFoundation 0x000000019fa2c018 __CFRunLoopRun + 768 14 CoreFoundation 0x000000019fa2b7d0 CFRunLoopRunSpecific + 572 15 GraphicsServices 0x00000001b616d570 GSEventRunModal + 160 16 UIKitCore 0x00000001a23582d0 -[UIApplication _run] + 1052 17 UIKitCore 0x00000001a235d84c UIApplicationMain + 164 18 applicationName 0x000000010296a1e4 main + 41444 (main.m:6) 19 libdyld.dylib 0x000000019f70a140 start + 4
Posted
by nirei.
Last updated
.
Post not yet marked as solved
2 Answers
223 Views
Hi all; I'm trying to implement ASWebAuthenticationSession on MacOS. The application must be able to open the default browser to interact with the IdP. The implemented code is basic, since what I am trying to understand is how to configure the framework to be able to open the system browser. Based on the documentation I observe this: A browser loads and displays the page, from which the user can authenticate. In iOS, the browser is a secure, embedded web view. In macOS, the system opens the user’s default browser if it supports web authentication sessions, or Safari otherwise. That is, it implies that this would be valid only for iOS, since a view is required where the content can be anchored. With which my understanding is that for MacOS that is not necessary, since the system browser is used. However, when I try to compile the base example, Xcode throws the following message: _Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=2 "Cannot start ASWebAuthenticationSession without providing presentation context. The base code I'm using is very simple: ASWebAuthenticationSession* webAuth = [[ASWebAuthenticationSession alloc] initWithURL:requestURL                 callbackURLScheme:redirectScheme                 completionHandler:^(NSURL * _Nullable callbackURL,NSError * _Nullable error)   {}]; webAuth.start; All of this is required in Objective-C. All the examples that have been and will be are for iOS and all based on Swift. Any reference about it to be able to implement this in MacOs? Thanks and regards. Cristian.
Posted Last updated
.