Hi! We are having a hard time with the universal link, help is appreciated! Thanks in advance! The universal link doesn't work after installation for some time. A user has to wait for from 5 to a couple of hours after the app is installed on the device. This has also affected App reviewers since we need the universal link to work for successful login. Each submission will receive a rejection of we cannot login and it will be approved until we kindly ask them to try again. I believe the JSON is delivered to devices by Apple's CDN system and the fact that it works on most devices most of the time should imply that we have a valid apple-app-site-association setup. So I am really confused about the wait time, which is giving us trouble with app review and a bad user experience

Hello, we are currently encountering a similar issue. We need to inject our capabilities into a third-party app by re-signing it (not a full re-signing process—just requiring the provisioning profile and certificate to match). However, this seems to affect the functionality of universal links. We've found that this issue only occurs on iOS 18. We noticed that when re-signing the app, the entitlements related to associated domains are changed to a wildcard: [Key] com.apple.developer.associated-domains [Value] [Array] [String] * However, this doesn’t cause any issues on iOS 17. Through further testing, we discovered that in order for universal links to work properly, we need to restore the original value of com.apple.developer.associated-domains and use a provisioning profile that matches the app's bundle ID. This means our previous re-signing approach using a certificate and provisioning profile from another bundle will no longer work. We’d like to ask: is this a new restriction introduced in iOS 18? If we manually restore the original com.apple.developer.associated-domains entitlement and use a provisioning profile that matches the app’s bundle ID, will universal links function correctly going forward?

I've defined a URL scheme for my application, and that's being honored by iOS. But the function that's supposed to handle the URL in my appliation (as documented here) is never called. The documentation doesn't say exactly where this is supposed to go. I've tried it in my App struct: @main struct MyGreatApp: App { var body: some Scene { WindowGroup { MainView() } } // Handle custom URLs, specifically the ones sent in invitation E-mails or texts. func application(_ application: UIApplication, open theURL: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:] ) -> Bool { // Determine who sent the URL. let sendingAppID = options[.sourceApplication] print("source application = \(sendingAppID ?? "Unknown")") ... And I also tried putting this at the file level. No dice either way. Anybody have an idea why? To head off things I've seen in other posts: I'm not using scenes, and there's no SceneDelegate.

We put the apple-app-site-association file at https://ourdomain.com.tr/.well-known/apple-app-site-association. When we send a request to url, we get 200 response code every time and we can see the file. But sometimes when we try to access https://app-site-association.cdn-apple.com/a/v1/ourdomain.com.tr url with browser or CMD tool, we are facing with 404 response code. There isn't any ip adress filter in our systems and we tried using vpn for sending same request from different locations(america and europe) but nothing changed. In addition, can anyone provide the ip list of apple cdn servers to check the F5 Load balancer WAF logs? CMD output: C:\Users\Name>curl -Lv https://app-site-association.cdn-apple.com/a/v1/ourdomain.com.tr Host app-site-association.cdn-apple.com:443 was resolved. IPv6: (none) IPv4: 17.253.122.197, 17.253.15.210, 17.253.122.196, 17.253.107.201, 17.253.57.203, 17.253.15.198, 17.253.57.200 Trying 17.253.122.197:443... Connected to app-site-association.cdn-apple.com (17.253.122.197) port 443 schannel: disabled automatic use of client certificate ALPN: curl offers http/1.1 ALPN: server accepted http/1.1 using HTTP/1.x GET /a/v1/ourdomain.com HTTP/1.1 Host: app-site-association.cdn-apple.com User-Agent: curl/8.9.1 Accept: / Request completely sent off schannel: remote party requests renegotiation schannel: renegotiating SSL/TLS connection schannel: SSL/TLS connection renegotiated < HTTP/1.1 404 Not Found < Apple-Failure-Details: {"cause":"context deadline exceeded (Client.Timeout exceeded while awaiting headers)"} < Apple-Failure-Reason: SWCERR00301 Timeout < Apple-From: https://ourdomain.com.tr/.well-known/apple-app-site-association < Apple-Try-Direct: true < Cache-Control: max-age=3600,public < Content-Length: 10 < Content-Type: text/plain; charset=utf-8 < Date: Mon, 14 Apr 2025 12:52:04 GMT < Expires: Mon, 14 Apr 2025 12:52:14 GMT < Age: 1770 < Via: http/1.1 uklon5-vp-vst-004.ts.apple.com (acdn/268.14469), https/1.1 uklon5-vp-vfe-002.ts.apple.com (acdn/268.14469), http/1.1 frmrs1-edge-mx-008.ts.apple.com (acdn/268.14469), http/1.1 frmrs1-edge-fx-005.ts.apple.com (acdn/268.14469) < X-Cache: hit-fresh, hit-stale, hit-fresh, hit-fresh < CDNUUID: 9e72cf99-1503-4644-9ea3-173328a25c94-31496306226 < Connection: keep-alive < Not Found Connection #0 to host app-site-association.cdn-apple.com left intact

We are planning to use our internal IdP (PingFederate) for authentication of end users in their iOS apps using ASWebAuthenticationSession. Initial tests are successful, but the user is prompted for every login (and logouts) with a consent dialogue box: “AppName” wants to use “internal domain-name” to Sign In This allows the app and website to share information about you. Cancel Continue” Let’s say that our top-level domain is “company.no”, where our IdP is placed at “idp.company.com”. I have seen examples where the Associated domains entitlement points to the idp as a webserver for serving the JSON output AASA file. In this case that would be: authsrv: idp.company.com Anyone with experience implementing this structure with the IdP as webserver for serving the JSON output? Our problem is that trying to use the IdP as webserver for this purpose is that it is very complicated to modify the IdP’s webserver configuration. Also, this modification needs to be re-done every time we need to upgrade the IdP. My question is therefore also related to the options of which webserver to install the AASA file on. Has anyone installed the file on a generic webserver on the toplevel domain like “webserver.company.com” ?

I have universal links configured for my iOS app which work as expected when the app is installed. When the app is not installed the universal link will go to the browser as expected. What I want to do is redirect to the app store, allow the user to install the app, then redirect them to the initial universal link. Redirecting them to the app store isn't the hard part I can achieve that from the webpage, however I don't know how to save a reference to that initial link to redirect them once they instal the app. What I want the flow to be for a user who doesn't have the app is: visit a universal link (example.com/UUID) redirect to the app store and install the app open the app and redirect to example.com/UUID I've seen some ways people are doing this with the clipboard but I don't love that solution, I also don't want to use a 3rd party service if I can avoid it - how are the 3rd party services making this happen?

I'm developing an iOS app that utilizes Universal Links and ASWebAuthenticationSession to deep-link from a website to the app itself. This implementation adheres to the recommendations outlined in RFC 8252, ensuring that the app opening the ASWebAuthenticationSession is the same app that is launched via the Universal Link. Problem: 　While most users can successfully launch the app via Universal Links,a few percent of users experience instances where the app fails to launch, and the user is redirected to the browser. What I've Tried: 　ASWebAuthenticationSession Configuration: I've double-checked the configuration of callbackURLScheme and presentationContextProvider. 　Universal Links: Verified the apple-app-site-association file and associated domains entitlement. 　Network Conditions: Tested on various network environments (Wi-Fi, cellular) and devices. Questions: 　What are the potential causes for this behavior? 　Has anyone else encountered a similar issue and found a solution? 　Are there any debugging techniques or ways to generate more detailed logs? I haven't been able to determine which device or OS version is causing this problem. Thank you.

We have an Angular web application which gets installed as a webclip on client iPads. The web application has buttons that will take the user directly to our native iOS application. We also would like a way for our webclip application when opened to perform some data lookups and if certain conditions are met, then take the user directly to our native iOS app. We're using vanilla JS window.open. This works well when the user manually taps button. However, this does not work when the webclip application tries to open the native iOS app without user interaction. In that case the window.open does nothing. The window.open target URL is the exact same in both cases. We tried using URL Schemes instead of Universal Links but with this the iPad displays a modal asking "Do you want to open ?". For our use case, this is unacceptable. Is there any way for us to skip this prompt? We'd like there to be no additional action needed from the user to be able to get from webclip to native iOS app beyond simply opening the webclip.

Dear Apple Support Team, I hope this message finds you well. I’m reaching out to inquire about the limitations of deferred deep linking within iOS applications. Specifically, I’m interested in understanding the constraints and challenges that prevent deferred deep links from functioning as expected in certain scenarios (e.g., when the app is not installed or other related issues). Additionally, I would like to ask if there are any recommended alternative approaches or solutions to implement deep linking, ensuring that users can still be directed to specific content or screens even if they need to install the app first. Your insights and guidance would be greatly appreciated as I work to enhance the user experience in my app. Thank you for your time and assistance. Best regards, Santosh

My ASA file is located here https://staging.docyt.com/apple-appsite-association It downloads fine. It does not have .json extension and neither does it reside inside the ./well-known folder. Should it work? Because opening the link https://staging.docyt.com/reset-password is not opening the app installed via TestFlight . Installing via XCode however works fine. Please help

Hello! I'm working with universal links in my app and have configured the /.well-known/apple-app-site-association file. Currently, I use the paths array in this file to define URL routing rules. However, I’m struggling to find up-to-date documentation on the pattern syntax supported by the paths field. "paths": [ "/page/*", "NOT /page/*/subpage" ] Could someone clarify: Is the paths array still officially supported, or is it deprecated in favor of the newer components dictionary (as referenced here https://developer.apple.com/documentation/bundleresources/applinks/details-swift.dictionary/components-swift.dictionary)? If paths is still valid, where can I find documentation for its pattern-matching capabilities? I want to ensure my implementation aligns with Apple’s current best practices. Thank you!

We are looking to setup domain-bound codes for our app and need to add the associated domain file to our website. We currently do not use Universal Links or Password AutoFill. We have looked at the documentation but are not sure of what the contents of the association file should be to enable domain-bound codes if you are not using Universal Links or Password AutoFill. Can any assistance be provided?

Hello! I'm having an issue with my universal links. Apple AASA CDN couldn't get the AASA file. I'm trying to reproduce the issue, but I get the file correctly. curl -A "AASA-Bot/1.0.0" https://hoff.ru/.well-known/apple-app-site-association But, unfortunately, https://app-site-association.cdn-apple.com/a/v1/hoff.ru Returns 404 Not Found. And the Error Header contains error, that there is and HTML < symbol, which is the sign of 403 error responsed by NGINX. * Request completely sent off < HTTP/1.1 404 Not Found < Apple-Failure-Details: {"cause":"invalid character '\u003c' looking for beginning of value"} < Apple-Failure-Reason: SWCERR00401 Bad JSON content < Apple-From: https://hoff.ru/.well-known/apple-app-site-association < Apple-Try-Direct: false Can you tell me what's the problem? I don't see any requests from 17.0.0.0/8 subnet which is now open for our site. Can you please investigate my problem?

Hello, I'm currently working with Smart App Banners and trying to test how they appear and behave on iOS. However, I need to test the Smart Banner in a debug or non-production environment to ensure everything works as expected. According to the documentation for Smart App Banners (https://developer.apple.com/documentation/webkit/promoting-apps-with-smart-app-banners?language=objc), it appears that the banner only shows in production builds or live apps. Is there any way to trigger or test the Smart Banner in a debug mode or non-production environment? Any advice or workaround for testing this feature would be greatly appreciated! Thank you in advance!

I have a simple Safari extension for iOS. In its popup, I want a button that will open the app via a universal link. I have this kind-of working, except that Safari opens the actual online destination of the link with a banner at the top saying "Open in the XXXX app" and an OPEN button. What do I have to do to go directly to the app? More generally, I know that if I copy-and-paste a universal link into the Safari address bar, Safari does the same thing - but it does go directly to the app from an <a href="...."> link. In my app extension JavaScript, I set window.location. Presumably this is too similar to pasting into the address bar. Is there some alternative to setting window.location that is more like clicking on a link and will go directly to the universal link's app? Thanks.

Hello, We do not have explicitly set it our website, but still Smart Banner appears since we have universal link setup. (current URL matches the universal link patterns set in your apple-app-site-associations file ). Also, I understand it appears only for users having our app installed. We do not want to show this banner in any case. is there any way to choose not to show the app banner? either setting additional meta or any other way would work. regards, Hussain

Hello, we encountered a 403 error while accessing AASA. > curl -i 'https://app-site-association.cdn-apple.com/a/v1/finture.id' HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 Content-Length: 10 Connection: keep-alive Server: nginx Date: Fri, 28 Feb 2025 03:17:02 GMT Expires: Fri, 28 Feb 2025 03:17:12 GMT Age: 1122 Apple-Failure-Details: {"status":"403 Forbidden"} Apple-Failure-Reason: SWCERR00101 Bad HTTP Response: 403 Forbidden Apple-From: https://finture.id/.well-known/apple-app-site-association Apple-Try-Direct: false Via: https/1.1 jptyo12-3p-pst-007.ts.apple.com (acdn/14454.1), http/1.1 jptyo12-3p-pac-027.ts.apple.com (acdn/14454.1), https/1.1 jptyo12-3p-pfe-014.ts.apple.com (acdn/14454.1) X-Cache: MISS KS-CLOUD CDNUUID: 51e5b30b-1f3c-4778-bb6f-cff5447ad763-1988011596 x-link-via: ntct03:443;xianymp018:443;gzct61:443;xg36:443; x-b2f-cs-cache: no-cache X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-36-07 X-Cache-Status: MISS from KS-CLOUD-GZ-CT-61-05 X-Cache-Status: MISS from KS-CLOUD-XIANY-MP-018-25 X-Cache-Status: MISS from KS-CLOUD-NT-CT-03-03 X-KSC-Request-ID: f1f2bf47e4b7e7b93596bbe7d60b1583 CDN-Server: KSFTF X-Cdn-Request-ID: f1f2bf47e4b7e7b93596bbe7d60b1583 Not Found But we can access https://finture.id/.well-known/apple-app-site-association. How should we solve this, thank you.

We have been having problems with our app clip not working when sharing through iMessage. The app and app clip are published and work correctly when scanning a QR code that points to the URL: https://www.coderus.com/locations?loc=1 however if this same URL is shared through the iMessage app, a link to the website displays and not the app clip card. We have confirmed that: AASA file is available and has the type application/json Both devices are above iOS 14 Both devices are in each other's contacts The website has the meta tag for the smart app clip banner The website has a meta tag for the og:image Launch experiences have been configured on AppStoreConnect - as said before, the QR codes work correctly The link leads to a 404 page, I wasn't sure if there needs to be an actual page that the link points to as app clips seem to work fine without when scanning the QR code through the camera app.

Hello, I'm having trouble modifying Universal Links in my application I already have a Universal Links configuration, but now I need to change it to https://iyb-cityapp1.sjdit.com/.well-known/apple-app-site-association. After the configuration is completed, I click this link https://iyb-cityapp1.sjdit.com/index.html in Notes.app and it opens in Safari and does not open the application. What did I do wrong? Thanks for your help!

I’m seeking guidance on an issue with my iOS app’s universal link for email verification. The link successfully opens my app, but the verification logic never runs. Here is my setup and the problem details: Associated Domains & AASA I have Associated Domains set to applinks:talkio.me in Xcode. The AASA file is located at https://talkio.me/.well-known/apple-app-site-association with the following contents: { "applinks": { "apps": [], "details": [ { "appID": "VMCWZ2A2KQ.com.elbaba.Flake2", "paths": [ "/verify*" ] } ] } } The direct link we send in the email looks like: https://talkio.me/verify?mode=verifyEmail&oobCode=XYZ&apiKey=ABC When tapped, the app launches, but the universal link handler code below never logs the URL nor triggers the verifyEmailUsing logic. SceneDelegate Logic In my SceneDelegate.swift, I handle universal links in both scene(:willConnectTo:options:) and scene(:continue:userActivity:restorationHandler:): func scene(_ scene: UIScene, willConnectTo session: UISceneSession, options connectionOptions: UIScene.ConnectionOptions) { // ... if let urlContext = connectionOptions.urlContexts.first { let url = urlContext.url print("SceneDelegate: App launched with URL: (url.absoluteString)") handleUniversalLink(url: url) } } func scene(_ scene: UIScene, continue userActivity: NSUserActivity, restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void) -> Bool { print("⚠️ scene(_:continue:) got called!") guard let url = userActivity.webpageURL else { print("No webpageURL in userActivity.") return false } print("SceneDelegate: Universal Link => (url.absoluteString)") handleUniversalLink(url: url) return true } private func handleUniversalLink(url: URL) { let urlString = url.absoluteString if let oobCode = getQueryParam(urlString, named: "oobCode") { verifyEmailUsing(oobCode) } else { print("No oobCode found => not a verify link.") } } // ... Expected Log: SceneDelegate: App launched with URL: https://talkio.me/verify?mode=verifyEmail&oobCode=XYZ&apiKey=ABC However, I only see: SceneDelegate: sceneDidBecomeActive called No mention of the universal link is printed. Result: The app opens on tapping the link but does not call handleUniversalLink(...). Consequently, Auth.auth().checkActionCode(oobCode) and Auth.auth().applyActionCode(oobCode) are never triggered. What I Tried: Verified the AASA file is served over HTTPS, with content type application/json. Reinstalled the app to refresh iOS’s associated domain cache. Confirmed my Team ID (VMCWZ2A2KQ) and Bundle ID (com.elbaba.Flake2) match in the app’s entitlements. Confirmed the link path "/verify*" matches the link structure in emails. Despite these checks, the universal link logic is not invoked. Could you help me identify why the link is not recognized as a universal link and how to ensure iOS calls my SceneDelegate methods with the correct URL? Any guidance on diagnosing or resolving this universal link issue would be greatly appreciated.