Authentication Services


Improve the experience of users when they enter credentials to establish their identity using Authentication Services.

Authentication Services Documentation

Posts under Authentication Services tag

71 Posts
Post not yet marked as solved
5 Replies
1.4k Views
When attempting to open an otpauth://totp URL on iOS 15 Beta 8 it opens the Password Manager. Based on the documentation & the tagged WWDC session it should only open the iOS Password Manager if the URL contains the apple- prefix. For example: apple-otpauth://totp. This is currently breaking our Multi Factor Authentication setup flow. Will this behaviour be changed for the next beta & iOS 15 release?
Post not yet marked as solved
0 Replies
208 Views
Have a parent app where user would login using SAML and there are apps of different vendors installed on the same device. We would like to use the same SAML login session with other vendor apps as well. Is this flow possible to implement? Any pointers will be of great help. Thank you in advance.
Post not yet marked as solved
0 Replies
412 Views
I know that ASWebAuthenticationSession is usually used with OAuth and similar protocols, but now I'm interested: does ASWebAuthenticationSession support other auth types? I've made these tests (iOS 14.5, Xcode 12.5.1):
- Tested ASWebAuthenticationSession with kerberos/negotiate URL (with callback scheme http) - SFSafariViewController loads error page with 401 error and no alert for creds; completion handler of ASWebAuthenticationSession is not called;
- Tested ASWebAuthenticationSession with NTLM, Digest and Basic URLs (with callback scheme http) - SFSafariViewController shows alert for creds; with correct creds content is shown; completion handler of ASWebAuthenticationSession also is not called;
- Performed the same test with SFSafariViewController - same results.
Do I understand correctly that ASWebAuthenticationSession doesn't support such auth types, but SFSafariViewController supports them? Why doesn't SFSafariViewController show an alert for creds in case of kerberos/negotiate auth?
Post not yet marked as solved
1 Replies
336 Views
Hi folks! I've been working on some UX improvements for our users and stumbled upon an issue. I extracted code from our project into a separate project. Here's the link, so you can check it out: https://github.com/SergeyPetrachkov/ASAuthControllerIssueSample
So, here's the issue: If I have both email-password and Apple ID records in my keychain for an app, and want to request that data to do auto-login, I can get email-password based accounts info fine. Apple ID does not work as expected though. I receive an ASAuthorizationAppleIDCredential object with authorizationCode == nil. I do receive credential.identityToken and can decode the token. It's a valid one, but the thing is that I need authorizationCode.
If I use the stand-alone login function of AppleAuthenticator, it works correctly. ASAuthorizationController executes performRequests perfectly and I can get authorizationCode from ASAuthorizationAppleIDCredential. The issue is with AggregatedAuthenticator. It seems that ASAuthorizationController is sort of broken and cannot get all the data if there's more than one request passed to it.
    AggregatedAuthenticator(anchor: view.window!).startAutoLogin() // does not work with apple id
but
    AppleAuthenticator(anchor: view.window!).login() // works
The only difference is that AppleAuthenticator uses only one request in ASAuthorizationController. The only workaround that I could come up with is if I go to AggregatedAuthenticator and do the login again there, see the comment in code:
    public func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
        switch authorization.credential {
        case let appleIDCredential as ASAuthorizationAppleIDCredential:
            // Question: here we receive the credential without authorizationCode, but why?
            appleAuthenticator.login(with: appleIDCredential)
            // BUT if I do:
            // appleAuthenticator.login()
            // it works fine, but it shows that bottom sheet again asking for your face/touch-id again, but only for apple id this time
        case let emailPasswordPair as ASPasswordCredential:
            emailAuthenticator.login(with: emailPasswordPair)
        default:
            print("Irrelevant stuff")
        }
    }
Any ideas, folks?
Post not yet marked as solved
0 Replies
400 Views
Hello, Apple Team. In our iOS app, we are planning to use ASWebAuthenticationSession for cookie sharing with the Safari app for single sign-on. The normal steps we can think of are as follows:
1. Start ASWebAuthenticationSession.
2. Alert dialog shows up for user permission.
3. If the user permits, web browser shows up.
4. A certain web page of ours which sets cookies is loaded, and immediately redirects to ASWebAuthenticationSession's callbackURLScheme URL without user operation.
5. ASWebAuthenticationSession's web browser is dismissed.
In this case, the user does nothing on the web browser. So if the web browser does not appear on screen, we think the user experience is much better. We found out that ASWebAuthenticationSession's web browser view controller can be hidden by using the presentationAnchor(for:) method of the ASWebAuthenticationPresentationContextProviding protocol. In this case, only the alert dialog for user permission shows up. This is very good UX for our app.
But we've found the following statement in the SFSafariViewController document. https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller
"Important: In accordance with App Store Review Guidelines, this view controller must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SFSafariViewController to track users without their knowledge and consent."
And the App Store Review Guidelines say: https://developer.apple.com/app-store/review/guidelines/
"(vii) SafariViewController must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SafariViewController to track users without their knowledge and consent."
The ASWebAuthenticationSession document says nothing like this. But we would like to make it clear. Do these statements also apply to ASWebAuthenticationSession? If we hide ASWebAuthenticationSession's web browser, will our app be rejected?
Post not yet marked as solved
4 Replies
889 Views
I'm trying to deprecate iOS 13 from my app. One of the compilation warnings I got as a result was:
    'SecRequestSharedWebCredential' is deprecated: first deprecated in iOS 14.0 - Use ASAuthorizationController to make an ASAuthorizationPasswordRequest (AuthenticationServices framework)
So I tried updating my code as follows:
    let provider = ASAuthorizationPasswordProvider()
    let request = provider.createRequest()
    let authorizationController = ASAuthorizationController(authorizationRequests: [request])
    authorizationController.delegate = self
    authorizationController.presentationContextProvider = self
    authorizationController.performRequests()
But it always calls the delegate callback
    func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error)
with error
    Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "No credentials available for login." UserInfo={NSLocalizedFailureReason=No credentials available for login.}
Even though the device (or simulator) has a stored password for my website. I have my website as an "associated domain" for my app of type webcredentials. What am I doing wrong here?
Post not yet marked as solved
0 Replies
182 Views
Hello, Our platform uses Apple ID for authentication and login, both on the web and in our native app. We have noticed that if a user logs in through the web via Apple ID and they have the iOS app installed, the app automatically opens after authentication. This is the URL that seems to open the app: https://appleid.apple.com/auth/authorize?... Is it possible to prevent this? We would like mobile web users to be able to use the mobile web site even if they do have the native app installed. Currently they are forced into the app after login. I've checked a few other apps and this behavior exists among them as well, it doesn't seem to be a quirk of our system only. Thank you! Doug
Post marked as Apple Recommended
2.8k Views
My macOS app uses ASWebAuthenticationSession for users to login to a third party service. It's worked fine until Monterey. When I call start on ASWebAuthenticationSession it shows me the permission window as expected. However when I click Continue nothing else happens. It does not show the Safari window and load the login page. I've noticed these errors appear in the Console every time, so it seems it's having trouble opening Safari (even though I have Safari already open). Any suggestions on how to fix this? Surely ASWebAuthenticationSession isn't broken for everyone?
    error 10:40:50.598301+0000 kernel 43 duplicate reports for Sandbox: com.apple.WebKit(13346) deny(1) mach-lookup com.apple.diagnosticd
    error 10:40:50.598309+0000 kernel Sandbox: SafariLaunchAgen(5469) deny(1) system-fsctl _IO('h', 47)
    error 10:40:52.349729+0000 kernel Sandbox: com.apple.WebKit(6675) deny(1) mach-lookup com.apple.diagnosticd
    error 10:40:53.011948+0000 CoreServicesUIAgent LAUNCH: Launch failure with -10652/ <FSNode 0x60000068b6e0> { isDir = y, path = '/Applications/Safari.app' }
    error 10:40:53.019505+0000 CoreServicesUIAgent Unable to forward entitlements from overridden keySenderAuditTokenAttr [sess=100005 pid=5469 uid:501,501,501 g:20,20 pV:257536] to target port ( port:85539/0x14e23 rcv:0,send:2,d:0 limit:0), which will likely cause them to reject this AppleEvent, errorRef=[ NULL ]
Post not yet marked as solved
2 Replies
595 Views
I am creating links to add TOTP authentication for the iCloud keychain. But clicking the link causes a system crash with macOS 12.0.1, and clicking the link with iOS causes an alert: "Cannot Add Verification Code to This Account - A verification code could not be created from this URL.". I have tried the following link: otpauth://totp/example.com:Username&secret=4SMF2WK32UQZNHO6JWBO3GDJQYI4MP2D4FQA&issuer=example.com I also tried the whole thing with the Apple-specific prefix, which resulted in the same error. Is this a general problem with Apple's integration, or is there anything I am missing?
Post not yet marked as solved
0 Replies
378 Views
Is there some way to suggest to the system that it should autofill passwords in an ASWebAuthenticationSession on a domain not previously associated with my app? I'm working on an app that currently has native login and registration screens; password autofill works great and links credentials to my associated domains. I now need to move these login and registration screens to use ASWebAuthenticationSession and have users authenticate on a website on a new domain. The system does not autofill my app's credentials on these pages. I can add this new domain as an associated domain, and new registrations are able to save the password and then autofill it later. But I can't get previously saved passwords to autofill on this new domain. Is that possible? I did manage to use Shared Web Credentials to save the user's credentials against the new domain when they log in. But this will only migrate users that log in between now and when I switch to ASWebAuthenticationSession; not all users will be migrated. Any new ideas or solutions much appreciated.
Post not yet marked as solved
2 Replies
746 Views
I have been trying to figure this out for like 5 hours, and I can't seem to see what is happening. My app is trying to get users to sign in using Google or Apple methods. Once they finish the sign-up with any provider, it should take them to another screen (OnboardingViewPart2) to finish the profile setup. However, the issue is that when I finish entering my email on the Google sign-up, the screen closes and the app gets stuck for like 10 secs and throws the Bad Access error. My debugging tells me that there is something going on with AuthService, but I can't figure out what. Firebase recognizes that the method was used, but doesn't create any Collections or Documents. Please help :)
Attached files: ContentView.swift, OnboardingView.swift, AuthService.swift, OnboardingViewPart2.swift, SignInWithGoogle.swift
Post not yet marked as solved
4 Replies
768 Views
We discovered one or more bugs in your app. Specifically, an error is still shown when trying to log in with Sign in with Apple. Please review the details below and complete the next steps.
Review device details:
- Device type: iPad and iPhone
- OS version: iOS 15.1.0
Next Steps
Please run your app on a device to reproduce the issues, then revise and submit your app for review. If at first you're unable to reproduce the issue, try the following:
- For new apps, uninstall all previous versions of your app from a device, then install and follow the steps to reproduce.
- For app updates, install the new version as an update to the previous version, then follow the steps to reproduce.
If we misunderstood the intended behavior of your app, please reply to this message in Resolution Center to provide information on how these features were intended to work.
Resources
For information about testing apps and preparing them for review, see Technical Note TN2431: App Testing Guide. To learn about troubleshooting networking issues, see About Networking.
We tried both scenarios (app update and fresh install) to reproduce the issue on iPadOS 15.1. This was tried on a TestFlight build but it was working as expected. Login was successful every time. The implementation is done purely using AuthenticationServices.
To create request - ASAuthorizationAppleIDProvider().createRequest()
To perform request - ASAuthorizationController
Somehow the app gets rejected every time. Is there any way to reproduce this issue? How can we debug such issues?
Post not yet marked as solved
0 Replies
405 Views
When I try testing the Sign in with Apple button on ANY Xcode simulator, it doesn't work. After inputting the password to sign in, the spinner in the password field never stops spinning and nothing from the OAuth methods gets printed. I have tested the sign-in on multiple real-world devices. It always works. It seems to just be simulators that are causing the issue. I'm worried my app will be rejected because of this. Has anyone encountered this? Any fixes?
Post not yet marked as solved
0 Replies
236 Views
Hi everyone, I hope you're all doing well. I was wondering what is the most secure way to communicate with a login API to which I send credentials and get a JSON Web Token in case of a successful login? Also, where should I store the JWT while the app is running? I read in the documentation that "ATS requires that HTTP connections use HTTPS", so I thought that using URLSession is a good and secure solution. I'm quite new to SwiftUI and trying to learn what is the most secure way to communicate sensitive data to a web API. Thanks in advance for your answers
Post not yet marked as solved
1 Replies
339 Views
Question: Do App Clips support receiving callbacks from ASWebAuthenticationSession's redirectCallbackURL?
Context: I'm trying to get CloudKit working in an app clip. Read support is done, but it would be nice for the user to see the capabilities before full download. Presently, I have the CloudKit Web Services successfully invoking redirectURL within SafariViewController, but I haven't figured out how to get it to direct to something the App Clip can get a hold of. CloudKit allows you to specify three different callbackURLs:
- https:// [freeform]
- http:// localhost[freeform]
- cloudkit-icloud.:// [freeform]
I am new to the AuthenticationServices framework so I may have missed something. The desired OAuth doesn't need to be CloudKit/iCloud but any provider. Everything is working except the redirect URL.
Post not yet marked as solved
0 Replies
235 Views
Hi there, We are using the AuthenticationServices framework in our app to make it possible for users to sign in to their account via an OAuth2 flow. It happens sometimes that the login page, which opens in the in-app browser via AuthenticationServices, does not handle the CSRF token correctly, resulting in the user being unable to log in. The form will reject the POST request since the CSRF token is incorrect. Does someone have experience with this or, even better, a solution? :-)
Post not yet marked as solved
0 Replies
307 Views
My application is linking with the customer's Apple account on the front end with no problems. But I would like to validate the data when it comes to the backend. Having the userid, how can I validate it in Node.js? Do you have any route that passes the id and returns data such as name and email? Thanks
Post not yet marked as solved
0 Replies
251 Views
Can you collect phone numbers following Sign in with Apple? I am creating a Firebase-backed app and offering users the option to sign in with third-party apps such as Facebook and Google. According to Apple, this means I must also include an option to Sign in with Apple; however, my app is getting rejected in the review process for attempting to grab more information from the user after they authenticate with Apple. I get that Sign in with Apple is supposed to be a one-click solution to getting the user interacting with the core of the app; however, we require the user's phone number for app functionality. Is there any way to get the app approved in this situation while still getting the user's phone number at sign-up? I do not see an option to grab the number from the Sign in with Apple credential like you can for name.
Post not yet marked as solved
1 Replies
231 Views
Hello, I'm writing a small app which requires user accounts and authenticating against a remote backend (REST API) which belongs to the app. What I've done so far is adding the "Sign in with Apple" button to my SwiftUI and receiving an ASAuthorization object containing user, IdToken, AuthCode, ... When a user signs in the first time, I have to create an account in the backend, saving the userId and Name. This and all future calls to my backend API I want to secure by using the IdToken as Bearer for Authentication. My backend will verify the token as described here. For me, it's not clear how to refresh the IdToken in my app without asking the user again for his sign-in (like the button does). Or what should I save on the user's device so that he does not have to sign in after restarting the app? This documentation saves the userid in the Keychain and tries to get the userid again on app start - but where is the idToken / what if the idToken is expired?