Hi, I am writing apps in C++ and Objective-C. I created an instance of ASWebAuthenticationSession and set the presentationContextProvider. Then when I started the session, the app crashed with EXC_BAD_ACCESS (KERN_INVALID_ADDRESS). When I checked the crash log, I found an exception in [SFSafariViewController _setEdgeSwipeDismissalEnabled:]. But since this method is defined within the iOS framework(Xcode13.2.1), I don't know which field is causing the crash. I've done some testing, but I don't get much information : -I have enabled "Zombie Object" and "Address Sanitizer",however I was unable to get any additional information. -I tried to create a new project and used ASWebAuthenticationSession with the same arguments, but I could not reproduce the problem. Can someone please help or any other advice on finding the reasons for this error? OS Version: iPhone OS 14.7.1 (18G82) Release Type: User Baseband Version: 8.80.01 Report Version: 104 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000010000 VM Region Info: 0x10000 is not in any region. Bytes before following region: 4338286592 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 102960000-10391c000 [ 15.7M] r-x/r-x SM=COW ...pp/Disgaea4sp Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [35391] Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libobjc.A.dylib 0x00000001b3824148 objc_msgSend + 8 1 SafariServices 0x00000001b965906c -[SFSafariViewController setEdgeSwipeDismissalEnabled:] + 84 2 SafariServices 0x00000001b962cd5c -[SFBrowserRemoteViewController setRemoteSwipeGestureEnabled:] + 64 3 CoreFoundation 0x000000019fab7a10 invoking + 144 4 CoreFoundation 0x000000019f999720 -[NSInvocation invoke] + 300 5 libdispatch.dylib 0x000000019f6eb298 _dispatch_client_callout + 16 6 libdispatch.dylib 0x000000019f6905b8 _dispatch_block_invoke_direct$VARIANT$mp + 224 7 FrontBoardServices 0x00000001ae5d9e04 FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK + 40 8 FrontBoardServices 0x00000001ae5d9acc -[FBSSerialQueue _targetQueue_performNextIfPossible] + 404 9 FrontBoardServices 0x00000001ae5d9fa0 -[FBSSerialQueue _performNextFromRunLoopSource] + 28 10 CoreFoundation 0x000000019fa328a8 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 24 11 CoreFoundation 0x000000019fa327a8 __CFRunLoopDoSource0 + 204 12 CoreFoundation 0x000000019fa31afc __CFRunLoopDoSources0 + 256 13 CoreFoundation 0x000000019fa2c018 __CFRunLoopRun + 768 14 CoreFoundation 0x000000019fa2b7d0 CFRunLoopRunSpecific + 572 15 GraphicsServices 0x00000001b616d570 GSEventRunModal + 160 16 UIKitCore 0x00000001a23582d0 -[UIApplication _run] + 1052 17 UIKitCore 0x00000001a235d84c UIApplicationMain + 164 18 applicationName 0x000000010296a1e4 main + 41444 (main.m:6) 19 libdyld.dylib 0x000000019f70a140 start + 4

Hi all; I'm trying to implement ASWebAuthenticationSession on MacOS. The application must be able to open the default browser to interact with the IdP. The implemented code is basic, since what I am trying to understand is how to configure the framework to be able to open the system browser. Based on the documentation I observe this: A browser loads and displays the page, from which the user can authenticate. In iOS, the browser is a secure, embedded web view. In macOS, the system opens the user’s default browser if it supports web authentication sessions, or Safari otherwise. That is, it implies that this would be valid only for iOS, since a view is required where the content can be anchored. With which my understanding is that for MacOS that is not necessary, since the system browser is used. However, when I try to compile the base example, Xcode throws the following message: _Domain=com.apple.AuthenticationServices.WebAuthenticationSession Code=2 "Cannot start ASWebAuthenticationSession without providing presentation context. The base code I'm using is very simple: ASWebAuthenticationSession* webAuth = [[ASWebAuthenticationSession alloc] initWithURL:requestURL                 callbackURLScheme:redirectScheme                 completionHandler:^(NSURL * _Nullable callbackURL,NSError * _Nullable error)   {}]; webAuth.start; All of this is required in Objective-C. All the examples that have been and will be are for iOS and all based on Swift. Any reference about it to be able to implement this in MacOs? Thanks and regards. Cristian.

An iOS application of ours we develop for a client was recently rejected as it was claimed we violate Guideline 5.1.2. The App Review team's justification was: We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track. The App Review team included a screenshot of our client's website which they had navigated to via a button found in our client's SSO login flow. Their main website has a cookie policy which seems to be the cause of the rejection. Clearly our client's main website should not be accessible via their SSO login flow but this opens a wider question and concerns from our client. We open the SSO login flow within an ephemeral ASWebAuthenticationSession. The documentation of which states: Set prefersEphemeralWebBrowserSession to true to request that the browser doesn’t share cookies or other browsing data between the authentication session and the user’s normal browser session. https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio We interpret that and the fact that there is no API on ASWebAuthentication to extract cookies from it into the hosting iOS app to mean that we do not store cookies in our iOS app and are therefore not in violation of Guideline 5.1.2. We also assume the same thing applies to SFSafariViewController (which we also use to sometimes display pages from our client's website which, to reiterate, has a cookie policy). It's documentation states: The user's activity and interaction with SFSafariViewController are not visible to your app, which cannot access AutoFill data, browsing history, or website data https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller After having read the documentation we see no reason why accessing a website with a cookie policy within either an ephemeral ASWebAuthenticationSession or an SFSafariViewController would warrant the hosting app to include App Tracking Transparency. I am assuming that due to the nature of these APIs (as they do not give cookie access to the hosting app) that they are exempt. Could someone please either: Provide documentation that states if an ephemeral ASWebAuthenticationSession or an SFSafariViewController accesses a website with a cookie policy App Tracking Transparency is required. or Confirm that we are not in violation of of Guideline 5.1.2 and we should appeal the rejection. Many thanks

Strong Password suggestion works just fine from a developer signed app on a development device. However, when we try to send it to QA for testing with our ad-hoc signed or even from TestFlight our distribution signed app, the Strong Password feature doesn't present itself. Our AASA file is up in production and is captured by the Apple CDN. Our associated domains entitlement has for example: webcredentials:*.mydomain.com Again, this works in development (did not need to use ?mode=developer) and our AASA file is up in production. Has anyone had issues testing the Strong Password or any Associated Domain feature in TestFlight?

We discovered one or more bugs in your app.  Specifically, an error is still shown when trying to log in with Sign in with Apple.  Please review the details below and complete the next steps.  Review device details: Device type: iPad and iPhone  OS version: iOS 15.1.0 Next Steps Please run your app on a device to reproduce the issues, then revise and submit your app for review. If at first you're unable to reproduce the issue, try the following:  For new apps, uninstall all previous versions of your app from a device, then install and follow the steps to reproduce.  For app updates, install the new version as an update to the previous version, then follow the steps to reproduce. If we misunderstood the intended behavior of your app, please reply to this message in Resolution Center to provide information on how these features were intended to work. Resources For information about testing apps and preparing them for review, see Technical Note TN2431: App Testing Guide. To learn about troubleshooting networking issues, see About Networking. We tried both scenarios (app update and fresh install) to reproduce the issue on iPadOS 15.1. This was tried on TestFlight build but it was working as expected. Login was success everytime. The implementation is done purely using AuthenticationService. To create request - ASAuthorizationAppleIDProvider().createRequest() To perform request - ASAuthorizationController Somehow app gets rejected everytime. Is there any way to reproduce this issue? How can we debug such issues?

While trying to authenticate OAuth 2.0 by AppAuth Library (https://github.com/openid/AppAuth-iOS) not working . After entering user name password page is loading for a long time. Not getting any error or success . Also check with other browsers as well, on that case working. Please help me to understand the root cause of it . Also raised this issue to AppAuth Library team -(https://github.com/openid/AppAuth-iOS/issues/698) Device iOS version -15.

Hello, I am creating a stand alone watchOS app and I need to authenticate the user with the web api according to the Oauth 2 flow. I am using ASwebauthenticationsession to provide the user a pop up browser to login. For some reason the base URL, accounts.spotify.com opens up a blank white screen for me. I have tried with other URL's and it works perfectly fine, it is only this URL that doesn't work. If theres any other way to authenticate as well, please let me know!   Thanks!

I'm currently using Log in with Apple and am wondering if Chrome's 3p cookie deprecation will impact any of our user flows. I was reading that for OAuth, SPA background token renewal (iframe) will break, and front-channel logout / session management will break for OIDC--has anyone heard this as well, or of any other user flows that may break?   Should I be concerned and is Apple working on developing any workarounds for breakages? Have they built anything in the past for Safari & Firefox's movement away from third party cookies (not sure if the impact will be the same for Chrome).

I'm interested in leveraging WebAuthn for an App that uses a web view for authentication. One of the open questions I'm grappling with is "what's the experience difference between WebAuthn on mobile vs. a native app experience?" The biggest difference in usability that I'm able to see from a few demos is in the authentication experience (the registration experience seems pretty similar). In the WebAuthn mobile experience, a user is prompted with "Do you want to sign in to 'XYZ@test.com' using a saved account?" with two options (one for a saved account and the second being "Account from Security Key"). I'd imagine this is different from mobile native experiences which immediately prompt Face/TouchID (less steps / friction). Is there any way to prevent / suppress that screen? For example, if I update my request to not support security keys, would a user skip the "account / security key" prompt and default to Face/TouchID (assuming there was only one registered account)? Or would iOS still default to this prompt and a user would select his/her account?

I'm having issues simulating a Sign In with Apple in the simulator. After some searching, it seems this has been an issue in the past iOS's but haven't found anything recent (this year 2022). The turning wheel spins in the simulator and doesn't authorize. Is this a bug still happening? I'm on iOS 15.2 Thanks.

Hello Apple developer world, I’ve started a community of audio engineers as sort of a mastermind group to help members advance in their craft. The benefits of this group is exclusive access to tools on their iPhone to “assist” audio engineers while working. In the past, we had no problem asking for a login prior to app use. Now it appears that Apple does not approve and has denied updates. Does anyone have suggestions on what I can do to have offer exclusive iOS apps? If forced to have users subscribe via Apple ID, how can I implement that into system where user can login to website to receive ebooks, educational content, etc? Thank you all for your suggestions and support.

I have a requirement where I need to call Graph API after getting token from AzureAD using MSAL and then to continue with other functions in viewDidLoad() method. I have tried, but the issue is, the application fails to get token using acquireTokenSilently and does not call acquireTokenInteractively in between the app form was loaded. Can you please help, I need this on urgent basis.

I only need to call a couple of lines of code with privilege escalation, I think I understand the reasoning behind creating a separate 'helper' application to perform these tasks. Is there a way to get AuthorizationCreate to display the authentication dialog with TouchID? I see localAuthentation can display a TouchID dialog. Is there (apart from AppleScript) a non-deprecated way to simply request authorization, launch a helper with privileges and arguments, then easily obtain the results from it? I get the impression that with SMJobBless (a non-deprecated API, but a ton of work), the helper will then permanently have escalated privileges, surely this is less secure? Also with SMJobBless, it appears that I need to use an installer package to install the helper in the correct place, is this correct? Is there a replacement for SMJobSubmit in the works? What am I missing, or misunderstanding?

I am facing one issue while trying to Sign in with Apple. error is as below: "The Operation couldn't be completed (com.apple.AuthenticationServices.AuthorizationError error 1000.)" I get this error as soon as the button is pressed it doesn't even get into the actual sign-in part. I have verified that entitlements file is there with the below content: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC ""> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.applesignin</key> <array> <string>Default</string> </array> </dict> </plist> I transferred the project and certificates from another machine. So deleted all the certificates and provisional profiles and recreated them from the new machine but faced an issue. Also, It only happens in exported (Archived build). When I directly install it from Xcode it is working fine. I have followed the official apple document to implement it. below is how I'm requesting the authentication: currentNonce = randomNonceString() let request = ASAuthorizationAppleIDProvider().createRequest() request.requestedScopes = [.fullName, .email] let controller = ASAuthorizationController(authorizationRequests: [request]) request.nonce = currentNonce?.sha256() controller.delegate = self controller.presentationContextProvider = self controller.performRequests() Below are delegates: func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {         switch authorization.credential {         case let appleIDCredential as ASAuthorizationAppleIDCredential: //Authenticated             break         default:             break         } }     func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {         return self.view.window! }     func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) { Utils.showAlert(withMessage: error.localizedDescription) } Any help would be appreciated

I am creating links to add TOTP authentication for the iCloud keychain. But after clicking the link, will cause an system crash with macOS 12.0.1 and clicking the link with iOS cause an alert: "Cannot Add Verification Code to This Account - A verification code could not be created from this URL.". I have tried the following link: otpauth://totp/example.com:Username&secret=4SMF2WK32UQZNHO6JWBO3GDJQYI4MP2D4FQA&issuer=example.com I also tried the whole thing with the Apple specific prefix, which resulted in the same error. Is this a general problem with apples integration, or is there anything I am missing?

I've been using the Transporter app on my Mac to push our mobile builds to the app store. Recently, my company made account changes that requires 2FA with our live.com account. When I log into my apple account, I'm taken to a broken page at Microsoft. I've gotten around this with a secondary Apple Id. Unfortunately, today I launched Transporter, and it's doing the same thing. I have no way to enter in my secondary Apple Id. I've tried uninstalling and re-installing the app, but there must be a config file somewhere that's saving my last login credentials. Does anyone know how I can reset the app so I'm prompted for credentials again?

Hi, we have developed password manager app that integrates with macOS Password AutoFill. This works well in Safari for filling passwords and users are happy. However users have reported that Safari keeps prompting users to save the just filled passwords in the Keychain. They receive a popup: Our users have explicitly and deliberately chosen not to use the Keychain for their passwords, so this is inappropriate. Unfortunately there appears to be no way to stop these prompts. You can turn them off only by completely disabling Password AutoFill in Safari, which means disabling our App's ability to AutoFill. This seems like an oversight. Setting here: Preferences > AutoFill > Usernames and Passwords Perhaps I've missed something, but if not, could we get a way to disable this Keychain/built in Password Manager prompt for users who use a third party Password Manager (which correctly works with Password AutoFill, the right way (tm) to do AutoFill). Cheers.