Hi,
is ASWebAuthenticationSession checking the App Transport Security Settings when it calls the give URL? For example if I configure Certificate Transparency for the domain of URL, will the domains certificate be correctly verified?
Background is that we want certificate pinning for our authentication flow and as fare I undertand it that is not possible with ASWebAuthenticationSession. Certificate Transparency can be configured in ATS and if ASWebAuthenticationSession obeys to ATS, that would be a valid replacement for pinning the cert.
Thanks!
Best
Alex
Certificate Transparency (CT) can be configured in ATS and if
obeys to ATS, that would be a valid replacement for pinning the cert.ASWebAuthenticationSession
Have you read the Apple’s Certificate Transparency policy article, published by Apple Support? This policy is enforced by iOS 12.1.1 (and the related watchOS and tvOS releases) and macOS 10.14.2, so if you’re running on a modern system your question is irrelevant because you get CT on all connections.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"