Does Universal Links work with unsigned apple-app-site-association JSON?

Question

Created Jul ’15

Replies 22

Boosts 0

Views 30k

Participants 6

I am setting up my apple-app-site-association file follow this tutorial: http://techlife.cookpad.com/entry/2014/12/11/093000

But it does not work.

I setup a free hosting site and upload the apple-app-site-association file onto the root of website: http://universallink.net46.net/apple-app-site-association

1. I created a JSON file and named it handoff.json:

{
  "applinks":
  {
       "apps":[],
       "details":
       {
            "XXXXXXXXXX.com.home.universallinks":
            {
                 "paths":["*"]
            }
       }
  }
}

The XXXXXXXXXX here is the team id of the Development provisioning profile (not the distribution one)

2. I used Keychain Access app to export a iPhone developerment certificate to a Certificates.p12 key.

3. I signed the JSON file with these commands:

Create a certificate in the openssl command.

openssl pkcs12 -in Certificates.p12 -clcerts -nokeys -out output_crt.pem

Create a secret key.

openssl pkcs12 -in Certificates.p12 -nocerts -nodes -out output_key.pem

Create an intermediate certificate.

openssl pkcs12 -in Certificates.p12 -cacerts -nokeys -out sample.ca-bundle

Sign the handoff.json file with the following command.

cat handoff.json | openssl smime -sign -inkey output_key.pem -signer output_crt.pem -certfile sample.ca-bundle -noattr -nodetach -outform DER> apple-app-site-association

4. I uploaded the signed file "apple-app-site-association" onto the root of website: http://universallink.net46.net/apple-app-site-association

5. I configured the entitlement:

<dict>
<key>com.apple.developer.associated-domains</key>
<array>
  <string>applinks:universallink.net46.net</string>
  <string>applinks:www.universallink.net46.net</string>
</array>
</dict>

6. I implement the function application:continueActivity.... and return YES.

7. I installed the app on the iOS 9 beta 4 device and also installed the Certificates.p12 at step 3 into the device.

8. I sent a message to myself: http://universallink.net46.net

9. I expected my app would be launched but actually, it was Safari.

I don't know if I did something wrong.

Boost

Answer 1

HieuFromHCMC OP

Jul ’15

I have implemented a handoff example for website-to-native app and it worked fine on iOS 8.

But on iOS 9, at the bottom right of lock screen, the Safari icon is displayed instead of the app icon.

Is this an issue of iOS 9?

0

Answer 2

HieuFromHCMC OP

Jul ’15

Please be noted that The XXXXXXXXXX here is the team id of the Distrubution provisioning profile.

2. I used Keychain Access app to export a iPhone Distribution certificate to a Certificates.p12 key.

0

Answer 3

shortstuffsushi OP

Aug ’15

Have you looked at the logs from the app when you install (the device log, not the Xcode log). The apple-app-site-association file is currently only pulled on the first launch of an app, and if there is an error, it will be output in the device console. For me, I saw kFormatErr a number of times before getting the JSON file signed properly, I'm guessing you're seeing something similar. Note as well that your certificate must be from a valid CA -- it's not clear from your description that it is, since you're using a developer certificate, and not a valid SSL Cert.

0

Answer 4

HieuFromHCMC OP

Aug ’15

Yes, the main issue is that I don't have a valid SSL Cert.

But I heard that the JSON file doesn't need to be signed from iOS 9 beta 2 and later.

But when I implement it, it does not work with the unsigned JSON also.

I doubt that there's a problem with the JSON format?

There's a person using account dguastaf said that he/she could make it with unsigned JSON in this thread:

https://forums.developer.apple.com/thread/5360

0

Answer 5

Max108 OP

Aug ’15

Hi Hieu,

One step that you don't mention having done is adding your app domain to your app capabilities on Xcode. You have to prefix it with

applinks:

and also add any subdomains and variants that you might have (www.domain.com, news.domain.com, etc.).

Max.

0

Answer 6

shortstuffsushi OP

Aug ’15

Max,

The hoko blog does a great job of entirely missing the most important step -- signing. It basically just regurgitates the very basics that Apple provides developers without actually delving into any of the problems people trying to implement this actually face. In it's current form, I don't recommend it, as it's a very thinly veiled attempt to get you on their platform without any actual helpful content. Very disappointed.

--

Graham

0

Answer 7

Max108 OP

Aug ’15

Hi Graham,

On closer inspection, I believe you're right about the hoko link (deleted now) - some people claim to have got this working without signing, which is interesting, but not conclusive. Anyway I do agree that an accessible resource for this that does actually address the problems of implementation that some are having is needed, but I've not found one yet...

Max

0

Answer 8

shortstuffsushi OP

Aug ’15

Max,

Sorry about the little rant. That link was about the only source of help available from a Google, and it was ultimately a let down. I think I'm actually going to throw together a quick service that can do *most* of the validation for you -- it seems like that would be helpful since Apple doesn't provide anything.

--

Graham

0

Answer 9

Max108 OP

Aug ’15

🙂 No problem - it's frustrating when there's a lack of resources to help get an important function to work. I'm sure that such a service as you describe would be greatly appreciated.

0

Answer 10

HieuFromHCMC OP

Aug ’15

Hi Max,

I configured the applinks at step 5 in my post.

I am trying to get a free HTTPS host to test the unsigned JSON.

0

Answer 11

HieuFromHCMC OP

Aug ’15

After seeing the device log, I found out that the first launch of the app will download apple-app-site-association JSON file from HTTPS domain, not HTTP.

So that is the problem.

I am using GitHub pages for testing with HTTPS domain.

But the next problem I am facing is that iOS does not download the JSON file from GitHub page without "www" prefix (GitHub only provide https://hieuth.github.io/ not https://www.hieuth.github.io/)

0

Answer 12

shortstuffsushi OP

Aug ’15

Well, I created a service allowing you to try things out and see a lot of common errors. Unfortunately, the forum moderators aren't allowing me to post a link to it directly. If you're interested in trying it out, you can look on my Github profile (same as my username) under Universal Link Validator.

0

Answer 13

Beto_Bens OP

Sep ’15

Hello, I used your universal link validator and get this message "Your file must be served with content type "application/pkcs7-mime"", do you know what does mean it?

1

Answer 14

shortstuffsushi OP

Sep ’15

Sure -- one of the requirements from Apple's site is that the file be served with the header "Content-Type: application/pkcs7-mime." Depending on the server your using, there are different ways to set this encoding, or if you're serving that file via code, you can specify that header yourself. You can see what it's being returned with by looking at the request in your browsers network tab, or by cURLing via `curl -s -D your-site/apple-app-site-association -o /dev/null`.

This is mentioned on this page under the "Adding the Site Association File" section

https://developer.apple.com/library/ios/documentation/Security/Reference/SharedWebCredentialsRef/

0

Answer 15

opswhisperer OP

Sep ’15

Did anyone ever figure out whats wrong here? I've done all the same things as everyone else but links just open in Safari. HTTPS web server, validated I can get the json file, tied signed and unsigned. No dice.

Watching my webserver log, no request is ever made to /apple-app-site-association

I see one "got it working" in this thread but no actual solution. I'll been pulling my hair out on this all day. What am I missing?

0