I’d like to confirm something regarding the hosting of the apple-app-site-association (AASA) file. We have a server that publicly hosts the AASA file and is accessible globally. However, this server sits behind an additional security layer (a security server/reverse proxy). My question is: Will this security layer affect Apple’s ability to access and validate the AASA file for Universal Links or App Clips? Are there specific requirements (e.g. headers, redirects, TLS versions, etc.) that we need to ensure the security server does not block or modify? Any guidance or best practices would be appreciated. Thanks!

I have been trying to add improved tvOS login using an Associated Domain and web credentials. In some places, I am seeing that the format is <TEAM_ID>.<BUNDLE_ID>, and in other places I am seeing <APP_ID>.<BUNDLE_ID>. I am having trouble getting both to work, but in order to properly troubleshoot, I want to make sure that I am using the correct identifier. Can someone give me a definitive answer? The documentation says app id, but I have seen Apple engineers in this forum say team id, and many other posts around the internet also saying team id.

Our app includes showing external web service with WebView or Safari and returning to the app with custom URL scheme or universal link. When we set "Hide and Require Face ID" feature which was available on iOS 18, neither custom URL scheme nor universal link activated the app. If we only set "Require Face ID", the deep link worked properly. Here is what we've tried: Define custom URL scheme or universal link in the app https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app https://developer.apple.com/documentation/xcode/supporting-universal-links-in-your-app Implement external web service with one of the following frameworks ASWebAuthenticationSession https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/ SFSafariViewController https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller Safari WKWebView https://developer.apple.com/documentation/webkit/wkwebview On iOS 18 device, install the app and set "Hide and Require Face ID" Access external web page and tap the link which activates custom URL scheme or universal link We expected the deep link to work, but the results were: Custom URL scheme & ASWebAuthenticationSession/SFSafariViewController/Safari The system shows "Cannot open the page because the address is invalid" Custom URL scheme & WKWebView Nothing happens when tapping the link Universal link Directed to the server with associated domain file, but the system doesn't call the app which is defined in the associated domain file We tested the feature with the app built with Xcode16 beta 6, and the device with iOS 18 Seed 8(22A5350a). Does hide app feature support custom URL scheme and universal link?

I have hosted my AASA file in https://powerbrowser.app/.well-known/apple-app-site-association in signed format as per documentation. I still can not see open in app button when open a link by long press. By the way i have activated 'Associated Domains' and put proper entitlements as per documantation.

We have implemented Universal Links for iOS. We have deployed the following file as per the documentation: /.well-known/apple-app-site-association Everything works fine until my organization applied domain-level block on traffic out side my country. We need to whitelist Apple servers but we cannot find their IPs or domains used to access this file.

I need to know the https address of a certain page within my app. This is going to be used as a redirect URL. I don't think it is a good idea to use deep links because it has to be an https address. I don't think Universal Links will work because it is not my website that I will be communicating with.

I am trying to setup a unversal linking for my new developing app. but it look like not function well. did any one have some examples or demo domains suggest to use? In fact finally my app is just internal using, user will not suppose connect to internet , how can I using the universal linking without a website ? Thanks

Without developer mode, I was able to get Password AutoFill to work in my SwiftUI app with my local Vapor server using ngrok and adding the Associated Domains capability with the value webcredentials:....ngrok-free.app and the respective apple-app-site-association file on my local server in /.well-known/. (works on device, but not in the simulator). However, if I use the developer mode (webcredentials:....ngrok-free.app?mode=developer) it only works halfway when running from Xcode: I get asked to save the password, but the saved passwords are not picked up, when I try to login again. Neither on device, nor in the simulator. If I remove the ?mode=developer it seems to work as expected. Is this by design, or am I missing something? var body: some View { ... Section(header: Text("Email")) { TextField("Email", text: $viewModel.credentials.username) .textContentType(.username) .autocapitalization(.none) .keyboardType(.emailAddress) } Section(header: Text("Passwort")) { SecureField("Passwort", text: $viewModel.credentials.password) .textContentType(.password) } ... }

In a project having both an app and a website, the following two website urls are to be handed over to the corresponding app: https://www.example.com/search?plus https://www.example.com/search?query=something In AASA file, this becomes: "components": [ { "/": "/search", "?": { "plus": "", "query": "?*" } } However, finally it does not work for both urls. Only the one with "query" works by hand over to app. For investigation, I have tried this for the problematic link: "components": [ { "/": "/search", "?": "plus" } and this works. How can I get both to work? (note that for the sake of brevity, only a portion of the AASA files are shown)

Hello, We're facing an issue with app links failing and falling back to browser website journeys. Our apple-app-site-association file is hosted publicly and the app to app journeys have been working correctly up to very recently - we are trying to identify any potential network infra changes that could have impacted the Apple CDN being able to retrieve the apple-app-site-association file. We can see in the iPhone OS logs that the links cannot be verified by the swcd process, and using the app-site-association.cdn-apple.com/a/v1 api via curl can also see the CDN has no record of the AASA file. Due to the traffic being SSL and to a high volume enterprise site it is difficult for use to trace activity through anything other that the source IPs - we cannot filter on user-agent for "AASA-Bot/1.0.0" as breaking the SSL would be impactful due to the load. Is it possible to get a network range used by the Apple CDN to retrieve the AASA file as this would help us identify potential blocking behaviour? Thank you.

I've a strange problem which is only occurring on 2 client devices. We have enabled Universal links, and have it fully tested and working. On one client device, the link never opens our app; but here's the strange thing: If I long-press on our link (in Messages), it gives a preview (as expected), and the context menu offers "Open in ", as well as "Open in Safari". Tapping on "Open in " does nothing. I've tried the following: Checked I could access the site-association file over https with no redirects Enabled developer mode and used universal link debug feature: pasted the same link - Developer mode says it will open the app. I've carried out the sysdiagnose; And there are entries in there for our app in swcutil_show.txt. Snipped below: Service: applinks App ID: <my fully qualified app bundle id> App Version: 760.0 App PI: <LSPersistentIdentifier 0x6b8008930> { v = 0, t = 0x8, u = 0x45c, db = DC8D18A2-430D-4AD4-A5BE-B7A003CF9A6F, {length = 8, bytes = 0x5c04000000000000} } Domain: www.<mydomain>.com Patterns: {"/":"/cc/*"}, {"?":{"t":"*"},"/":"/md/"} User Approval: unspecified Site/Fmwk Approval: approved Flags: Last Checked: 2025-04-29 09:10:21 +0000 Next Check: 2025-05-04 08:42:50 +0000 -------------------------------------------------------------------------------- Service: applinks App ID: <my fully qualified app bundle id> App Version: 760.0 App PI: <LSPersistentIdentifier 0x6b8008930> { v = 0, t = 0x8, u = 0x45c, db = DC8D18A2-430D-4AD4-A5BE-B7A003CF9A6F, {length = 8, bytes = 0x5c04000000000000} } Domain: <mydomain>.com Patterns: {"/":"/cc/*"}, {"?":{"t":"*"},"/":"/md/"} User Approval: unspecified Site/Fmwk Approval: approved Flags: Last Checked: 2025-04-29 09:10:21 +0000 Next Check: 2025-05-04 08:42:50 +0000 -------------------------------------------------------------------------------- Service: applinks App ID: <my fully qualified app bundle id> App Version: 760.0 App PI: <LSPersistentIdentifier 0x6b8008930> { v = 0, t = 0x8, u = 0x45c, db = DC8D18A2-430D-4AD4-A5BE-B7A003CF9A6F, {length = 8, bytes = 0x5c04000000000000} } Domain: *.<mydomain>.com Patterns: {"/":"/cc/*"}, {"?":{"t":"*"},"/":"/md/"} User Approval: unspecified Site/Fmwk Approval: approved Flags: Last Checked: 2025-04-29 09:10:21 +0000 Next Check: 2025-05-04 08:42:50 +0000 -------------------------------------------------------------------------------- The version numbers match the installed version of my app I've tried running logging and just capturing logs before and after I press the "open in ", but there's nothing suspicious in there. And the kicker - it's only happening on a single device. No other devices are experiencing this.

Question: I'm aware of the AASA file hosting procedure to make app clips work and link them to your website, but IIRC you can trigger app clips via the simple appclip.apple.com URL too, right? As a result no need to host the AASA file. Like my app store connect gave me the URL https://appclip.apple.com/id?p=myname.myappsname.Clip but when I click it it says "This app clip is not currently available in your country or region". However I'm also getting Bad JSON content on the View Status under the domain. I'm so confused.

Hi! We are having a hard time with the universal link, help is appreciated! Thanks in advance! The universal link doesn't work after installation for some time. A user has to wait for from 5 to a couple of hours after the app is installed on the device. This has also affected App reviewers since we need the universal link to work for successful login. Each submission will receive a rejection of we cannot login and it will be approved until we kindly ask them to try again. I believe the JSON is delivered to devices by Apple's CDN system and the fact that it works on most devices most of the time should imply that we have a valid apple-app-site-association setup. So I am really confused about the wait time, which is giving us trouble with app review and a bad user experience

Hello, we are currently encountering a similar issue. We need to inject our capabilities into a third-party app by re-signing it (not a full re-signing process—just requiring the provisioning profile and certificate to match). However, this seems to affect the functionality of universal links. We've found that this issue only occurs on iOS 18. We noticed that when re-signing the app, the entitlements related to associated domains are changed to a wildcard: [Key] com.apple.developer.associated-domains [Value] [Array] [String] * However, this doesn’t cause any issues on iOS 17. Through further testing, we discovered that in order for universal links to work properly, we need to restore the original value of com.apple.developer.associated-domains and use a provisioning profile that matches the app's bundle ID. This means our previous re-signing approach using a certificate and provisioning profile from another bundle will no longer work. We’d like to ask: is this a new restriction introduced in iOS 18? If we manually restore the original com.apple.developer.associated-domains entitlement and use a provisioning profile that matches the app’s bundle ID, will universal links function correctly going forward?

I've defined a URL scheme for my application, and that's being honored by iOS. But the function that's supposed to handle the URL in my appliation (as documented here) is never called. The documentation doesn't say exactly where this is supposed to go. I've tried it in my App struct: @main struct MyGreatApp: App { var body: some Scene { WindowGroup { MainView() } } // Handle custom URLs, specifically the ones sent in invitation E-mails or texts. func application(_ application: UIApplication, open theURL: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:] ) -> Bool { // Determine who sent the URL. let sendingAppID = options[.sourceApplication] print("source application = \(sendingAppID ?? "Unknown")") ... And I also tried putting this at the file level. No dice either way. Anybody have an idea why? To head off things I've seen in other posts: I'm not using scenes, and there's no SceneDelegate.

We are planning to use our internal IdP (PingFederate) for authentication of end users in their iOS apps using ASWebAuthenticationSession. Initial tests are successful, but the user is prompted for every login (and logouts) with a consent dialogue box: “AppName” wants to use “internal domain-name” to Sign In This allows the app and website to share information about you. Cancel Continue” Let’s say that our top-level domain is “company.no”, where our IdP is placed at “idp.company.com”. I have seen examples where the Associated domains entitlement points to the idp as a webserver for serving the JSON output AASA file. In this case that would be: authsrv: idp.company.com Anyone with experience implementing this structure with the IdP as webserver for serving the JSON output? Our problem is that trying to use the IdP as webserver for this purpose is that it is very complicated to modify the IdP’s webserver configuration. Also, this modification needs to be re-done every time we need to upgrade the IdP. My question is therefore also related to the options of which webserver to install the AASA file on. Has anyone installed the file on a generic webserver on the toplevel domain like “webserver.company.com” ?

I have universal links configured for my iOS app which work as expected when the app is installed. When the app is not installed the universal link will go to the browser as expected. What I want to do is redirect to the app store, allow the user to install the app, then redirect them to the initial universal link. Redirecting them to the app store isn't the hard part I can achieve that from the webpage, however I don't know how to save a reference to that initial link to redirect them once they instal the app. What I want the flow to be for a user who doesn't have the app is: visit a universal link (example.com/UUID) redirect to the app store and install the app open the app and redirect to example.com/UUID I've seen some ways people are doing this with the clipboard but I don't love that solution, I also don't want to use a 3rd party service if I can avoid it - how are the 3rd party services making this happen?

I'm developing an iOS app that utilizes Universal Links and ASWebAuthenticationSession to deep-link from a website to the app itself. This implementation adheres to the recommendations outlined in RFC 8252, ensuring that the app opening the ASWebAuthenticationSession is the same app that is launched via the Universal Link. Problem: 　While most users can successfully launch the app via Universal Links,a few percent of users experience instances where the app fails to launch, and the user is redirected to the browser. What I've Tried: 　ASWebAuthenticationSession Configuration: I've double-checked the configuration of callbackURLScheme and presentationContextProvider. 　Universal Links: Verified the apple-app-site-association file and associated domains entitlement. 　Network Conditions: Tested on various network environments (Wi-Fi, cellular) and devices. Questions: 　What are the potential causes for this behavior? 　Has anyone else encountered a similar issue and found a solution? 　Are there any debugging techniques or ways to generate more detailed logs? I haven't been able to determine which device or OS version is causing this problem. Thank you.