Post not yet marked as solved
I'm currently using Log in with Apple and am wondering if Chrome's 3p cookie deprecation will impact any of our user flows. I was reading that for OAuth, SPA background token renewal (iframe) will break, and front-channel logout / session management will break for OIDC--has anyone heard this as well, or of any other user flows that may break?
Should I be concerned, and is Apple working on developing any workarounds for breakages? Have they built anything in the past for Safari & Firefox's movement away from third-party cookies (not sure if the impact will be the same for Chrome)?
On my client mobile app I perform Apple ID authorization and obtain an IdentityToken from the Apple server.
Now I want to send this IdentityToken (looks like the string xJahN102mdPq2jHAiisPsla012nYahKL) to my application server. And I want to get the user's email on my application server by processing this token.
For Google (for example) there is a plain simple way: I just make a GET request to:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=google_identity_token
And in case the token is correct, Google returns JSON with the user's email inside.
What Apple server endpoint should I call and what HTTP request should be made (GET, POST, etc.) to obtain the user's email using the IdentityToken?
Thank you.
Post not yet marked as solved
I'm having issues simulating Sign in with Apple in the simulator. After some searching, it seems this has been an issue in past iOS versions, but I haven't found anything recent (this year, 2022).
The turning wheel spins in the simulator and doesn't authorize. Is this a bug still happening? I'm on iOS 15.2.
Thanks.
Post not yet marked as solved
Hello Apple developer world,
I’ve started a community of audio engineers as sort of a mastermind group to help members advance in their craft.
The benefit of this group is exclusive access to tools on their iPhone to “assist” audio engineers while working.
In the past, we had no problem asking for a login prior to app use. Now it appears that Apple does not approve and has denied updates.
Does anyone have suggestions on what I can do to offer exclusive iOS apps?
If forced to have users subscribe via Apple ID, how can I implement that into a system where users can log in to a website to receive ebooks, educational content, etc.?
Thank you all for your suggestions and support.
Post not yet marked as solved
I have a requirement where I need to call the Graph API after getting a token from Azure AD using MSAL and then continue with other functions in the viewDidLoad() method. I have tried, but the issue is that the application fails to get a token using acquireTokenSilently and does not call acquireTokenInteractively in between the app form was loaded. Can you please help? I need this on an urgent basis.
Post not yet marked as solved
I only need to call a couple of lines of code with privilege escalation, I think I understand the reasoning behind creating a separate 'helper' application to perform these tasks.
Is there a way to get AuthorizationCreate to display the authentication dialog with Touch ID? I see LocalAuthentication can display a Touch ID dialog.
Is there (apart from AppleScript) a non-deprecated way to simply request authorization, launch a helper with privileges and arguments, then easily obtain the results from it?
I get the impression that with SMJobBless (a non-deprecated API, but a ton of work), the helper will then permanently have escalated privileges, surely this is less secure?
Also with SMJobBless, it appears that I need to use an installer package to install the helper in the correct place, is this correct?
Is there a replacement for SMJobSubmit in the works?
What am I missing, or misunderstanding?
Post not yet marked as solved
An iOS application of ours we develop for a client was recently rejected as it was claimed we violate Guideline 5.1.2.
The App Review team's justification was:
We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track.
The App Review team included a screenshot of our client's website which they had navigated to via a button found in our client's SSO login flow. Their main website has a cookie policy which seems to be the cause of the rejection.
Clearly our client's main website should not be accessible via their SSO login flow but this opens a wider question and concerns from our client.
We open the SSO login flow within an ephemeral ASWebAuthenticationSession. The documentation of which states:
Set prefersEphemeralWebBrowserSession to true to request that the browser doesn’t share cookies or other browsing data between the authentication session and the user’s normal browser session.
https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio
We interpret that and the fact that there is no API on ASWebAuthentication to extract cookies from it into the hosting iOS app to mean that we do not store cookies in our iOS app and are therefore not in violation of Guideline 5.1.2.
We also assume the same thing applies to SFSafariViewController (which we also use to sometimes display pages from our client's website which, to reiterate, has a cookie policy). Its documentation states:
The user's activity and interaction with SFSafariViewController are not visible to your app, which cannot access AutoFill data, browsing history, or website data
https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller
After having read the documentation we see no reason why accessing a website with a cookie policy within either an ephemeral ASWebAuthenticationSession or an SFSafariViewController would warrant the hosting app to include App Tracking Transparency. I am assuming that due to the nature of these APIs (as they do not give cookie access to the hosting app) that they are exempt.
Could someone please either:
Provide documentation that states if an ephemeral ASWebAuthenticationSession or an SFSafariViewController accesses a website with a cookie policy App Tracking Transparency is required.
or
Confirm that we are not in violation of Guideline 5.1.2 and we should appeal the rejection.
Many thanks
Post not yet marked as solved
I am facing an issue while trying to Sign in with Apple. The error is as below:
"The Operation couldn't be completed (com.apple.AuthenticationServices.AuthorizationError error 1000.)"
I get this error as soon as the button is pressed; it doesn't even get into the actual sign-in part.
I have verified that the entitlements file is there with the below content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "">
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>development</string>
    <key>com.apple.developer.applesignin</key>
    <array>
        <string>Default</string>
    </array>
</dict>
</plist>
I transferred the project and certificates from another machine. So I deleted all the certificates and provisional profiles and recreated them from the new machine, but faced an issue.
Also, it only happens in the exported (archived) build. When I directly install it from Xcode it is working fine.
I have followed the official Apple document to implement it. Below is how I'm requesting the authentication:
currentNonce = randomNonceString()
let request = ASAuthorizationAppleIDProvider().createRequest()
request.requestedScopes = [.fullName, .email]
let controller = ASAuthorizationController(authorizationRequests: [request])
request.nonce = currentNonce?.sha256()
controller.delegate = self
controller.presentationContextProvider = self
controller.performRequests()
Below are delegates:
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
    switch authorization.credential {
    case let appleIDCredential as ASAuthorizationAppleIDCredential:
        //Authenticated
        break
    default:
        break
    }
}
func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
    return self.view.window!
}
func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
    Utils.showAlert(withMessage: error.localizedDescription)
}
Any help would be appreciated
Post not yet marked as solved
Hi, we have developed a password manager app that integrates with macOS Password AutoFill. This works well in Safari for filling passwords and users are happy.
However users have reported that Safari keeps prompting users to save the just filled passwords in the Keychain. They receive a popup:
Our users have explicitly and deliberately chosen not to use the Keychain for their passwords, so this is inappropriate.
Unfortunately there appears to be no way to stop these prompts. You can turn them off only by completely disabling Password AutoFill in Safari, which means disabling our App's ability to AutoFill. This seems like an oversight.
Setting here:
Preferences > AutoFill > Usernames and Passwords
Perhaps I've missed something, but if not, could we get a way to disable this Keychain/built in Password Manager prompt for users who use a third party Password Manager (which correctly works with Password AutoFill, the right way (tm) to do AutoFill).
Cheers.
Post not yet marked as solved
I have a SwiftUI app live on the App Store which uses ASWebAuthenticationSession to authenticate against several remote services. It all runs perfectly on iOS but I'm getting a stream of complaints from users running it on Monterey / Catalyst. There seem to be 2 main errors:
The auth browser window doesn't anchor properly, so the window will pop-up but it's completely independent of my app, so can easily end-up behind my application (which then appears to have hung)
Even worse, on some machines (mostly m1 iMacs) the window doesn't pop-up at all but the OAuth request to the browser sits in some queue somewhere and at a later point when the user happens to restart their browser they will be prompted to login for every single time they clicked on the "sign in" button in my app.
I've seen lots of other reports of the 2nd problem which just seems to happen randomly so I don't have a repro. I've seen a similar number of different ways of implementing ASWebAuthenticationPresentationContextProviding which (I presume) ought to fix the former. Unfortunately none of them work.
I'm including some minimal code to reproduce the former issue. This is my own amalgamation of several other approaches. It doesn't work - if you click on the "sign in" button the OAuth window will pop-up but it's completely independent and you can easily move the "anchor" window on top of it.
Has anyone managed to get this working?
Here's the code:
import SwiftUI
import AuthenticationServices
import UIKit

struct SignInView: View {
    @StateObject var viewModel = SignInViewModel()
    @State var window: UIWindow? = nil

    var body: some View {
        VStack(spacing: 16) {
            Image(systemName: "person.circle")
                .resizable()
                .frame(width: 50, height: 50)
                .foregroundColor(.primary)
            VStack(spacing: 8) {
                Text("You must be log in to proceed any further")
                    .foregroundColor(.secondary)
                    .font(.title3)
                    .multilineTextAlignment(.center)
                    .padding()
                Button {
                    viewModel.signIn(window: self.window)
                } label: {
                    Text("Sign In")
                        .foregroundColor(.white)
                        .padding()
                        .clipShape(RoundedRectangle(cornerRadius: 8))
                        .background(
                            HostingWindowFinder { window in
                                self.window = window
                            }
                        )
                }
            }
        }
    }
}

class SignInViewModel: NSObject, ObservableObject, ASWebAuthenticationPresentationContextProviding {
    var window: UIWindow? = nil

    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
        return window ?? ASPresentationAnchor()
    }

    func signIn(window: UIWindow?) {
        self.window = window
        let authSession = ASWebAuthenticationSession(url: URL(string: "https://accounts.spotify.com/authorize")!, callbackURLScheme: "myapp-auth") { (url, error) in
            if let error = error {
                print(error.localizedDescription)
            } else if let url = url {
                print(url.absoluteString)
            }
        }
        authSession.presentationContextProvider = self
        authSession.prefersEphemeralWebBrowserSession = true
        authSession.start()
    }
}

struct HostingWindowFinder: UIViewRepresentable {
    var callback: (UIWindow?) -> ()

    func makeUIView(context: Context) -> UIView {
        let view = UIView()
        DispatchQueue.main.async { [weak view] in
            self.callback(view?.window)
        }
        return view
    }

    func updateUIView(_ uiView: UIView, context: Context) {
    }
}
Post not yet marked as solved
I have submitted my app; it was reviewed and it is available on the App Store now. But the app is not opening after download. It gets stuck at the splash screen.
Post not yet marked as solved
Hello,
I'm writing a small app which requires user accounts and authenticating against a remote backend (REST API) which belongs to the app.
What I've done so far is adding the "Sign in with Apple" button to my SwiftUI and receiving an ASAuthorization object containing user, IdToken, AuthCode, ...
When a user signs in the first time, I have to create an account in the backend, saving the userId and Name. This and all future calls to my backend API I want to secure by using the IdToken as Bearer for Authentication. My backend will verify the token as described here.
For me, it's not clear how to refresh the IdToken in my app without asking the user again for his sign-in (like the button does). Or what should I save on the user's device so that he does not have to sign in after restarting the app?
This documentation saves the userid in the Keychain and tries to get the userid again on app start - but where is the idToken / what if the idToken is expired?
Post not yet marked as solved
Can you collect phone numbers following Sign in with Apple?
I am creating a Firebase-backed app and offering users the option to sign in with third-party apps such as Facebook and Google. According to Apple, this means I must also include an option to sign in with Apple; however, my app is getting rejected in the review process for attempting to grab more information from the user after they authenticate with Apple. I get that Sign in with Apple is supposed to be a one-click solution to getting the user interacting with the core of the app; however, we require the user's phone number for app functionality. Is there any way to get the app approved in this situation while still getting the user's phone number at sign-up? I do not see an option to grab the number from the Sign in with Apple credential like you can for name.
Post not yet marked as solved
My application is linking with the customer's Apple account on the front end with no problems. But I would like to validate the data when it comes to the backend. Having the userid, how can I validate it in Node.js? Do you have any route that passes the id and returns data such as name and email? Thanks
Post not yet marked as solved
Hi there,
We are using the AuthenticationServices framework in our app to make it possible for users to sign in to their account via an OAuth2 flow.
It happens sometimes that the login page, which opens in the in-app browser via AuthenticationServices, does not handle the CSRF token correctly, resulting in the user being unable to log in. The form will reject the POST request since the CSRF token is incorrect.
Does someone have experience with this or, even better, a solution? :-)
Post not yet marked as solved
Question: Do App Clips support receiving callbacks from ASWebAuthenticationSession's redirectCallbackURL?
Context: I'm trying to get CloudKit working in an app clip. Read support is done, but it would be nice for the user to see the capabilities before full download.
Presently, I have the CloudKit Web Services successfully invoking redirectURL within SafariViewController, but I haven't figured out how to get it to direct to something the App Clip can get a hold of.
CloudKit allows you to specify three different callbackURLs:
https:// [freeform]
http:// localhost[freeform]
cloudkit-icloud.:// [freeform]
I am new to the AuthenticationServices framework so I may have missed something. The desired OAuth doesn't need to be CloudKit/iCloud but any provider.
Everything is working except the redirect URL.
Post not yet marked as solved
Hi everyone,
I hope you're all doing well. I was wondering what is the most secure way to communicate with a login API to which I send credentials and get a JSON Web Token in case of a successful login? Also, where should I store the JWT while the app is running?
I read in the documentation that "ATS requires that HTTP connections use HTTPS", so I thought that using URLSession is a good and secure solution.
I'm quite new to SwiftUI and trying to learn what is the most secure way to communicate sensitive data to a web API.
Thanks in advance for your answers
Post not yet marked as solved
When I try testing the Sign in with Apple button on ANY Xcode simulator, it doesn't work.
After inputting the password to sign in, the spinner in the password field never stops spinning and nothing from the OAuth methods gets printed.
I have tested the sign-in on multiple real-world devices. It always works. It seems to just be simulators that are causing the issue.
I'm worried my app will be rejected because of this. Has anyone encountered this? Any fixes?
Post not yet marked as solved
We discovered one or more bugs in your app.
Specifically, an error is still shown when trying to log in with Sign in with Apple.
Please review the details below and complete the next steps.
Review device details:
Device type: iPad and iPhone
OS version: iOS 15.1.0
Next Steps
Please run your app on a device to reproduce the issues, then revise and submit your app for review. If at first you're unable to reproduce the issue, try the following:
For new apps, uninstall all previous versions of your app from a device, then install and follow the steps to reproduce.
For app updates, install the new version as an update to the previous version, then follow the steps to reproduce.
If we misunderstood the intended behavior of your app, please reply to this message in Resolution Center to provide information on how these features were intended to work.
Resources
For information about testing apps and preparing them for review, see Technical Note TN2431: App Testing Guide.
To learn about troubleshooting networking issues, see About Networking.
We tried both scenarios (app update and fresh install) to reproduce the issue on iPadOS 15.1. This was tried on a TestFlight build but it was working as expected. Login was successful every time.
The implementation is done purely using AuthenticationServices.
To create request - ASAuthorizationAppleIDProvider().createRequest()
To perform request - ASAuthorizationController
Somehow the app gets rejected every time. Is there any way to reproduce this issue? How can we debug such issues?
Post not yet marked as solved
I have been trying to figure this out for like 5 hours, and I can't seem to see what is happening.
My app is trying to get users to sign in using Google or Apple methods. Once they finish the sign-up with any provider, it should take them to another screen (OnboardingViewPart2) to finish the profile setup. However, the issue is that when I finish entering my email on the Google sign-up, the screen closes and the app gets stuck for like 10 secs and throws the Bad Access error. My debugging tells me that there is something going on with AuthService, but I can't figure out what. Firebase recognizes that the method was used, but doesn't create any Collections or Documents. Please help :)
ContentView.swift
OnboardingView.swift
AuthService.swift
OnboardingViewPart2.swift
SignInWithGoogle.swift