Different SSO behavior for ASWebAuthenticationSession in iOS 14

In our app we're performing authentication using ASWebAuthenticationSession. SSO seems to work fine in iOS 13 for different paths for the same domain but when running the same app in iOS 14, cookies don't seem to be attached to subsequent requests once authenticated in safari window.

I'm not sure if it helps :

Looking at the logging in instruments when running the app in iOS 14 device, I can see : 

Code Block Timestamp	Type	Process	Subsystem	Category	Thread	Message	
00:09.690.903	Default iOS B2c Sample (1691)	CFNetwork	Default iOS B2c Sample 0x1631f	Faulting in NSHTTPCookieStorage singleton	
00:09.690.929	Default iOS B2c Sample (1691)	CFNetwork	Default iOS B2c Sample 0x1631f	Faulting in CFHTTPCookieStorage singleton	
00:09.690.944	Default iOS B2c Sample (1691)	CFNetwork	Default iOS B2c Sample 0x1631f	Creating default cookie storage with default identifier

(Above logs don't happen in iOS 13)

and later in iOS 14: 
Code Block Timestamp	Type	Process	Subsystem	Category	Thread	Message	
00:10.113.701	Debug iOS B2c Sample (1691)	CFNetwork	Default iOS B2c Sample 0x1631c	Task <88E60E41-6B7B-4787-ABF6-B65C92C8FF4E>.<1> request https://testb2c.b2clogin.com/testb2c.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/token is NOT allowed to set HSTS for main doc 

In iOS 13 : 
Code Block Timestamp	Type	Process	Subsystem	Category	Thread	Message	
00:15.570.171	Debug	iOSB2C (5320)	CFNetwork	Default	iOSB2C 0x24045d	Task <79A2078B-718D-4D4D-A46D-1FF1B2238431>.<6> request n/a is NOT allowed to set HSTS for main doc 	
00:23.139.303	Debug	iOSB2C (5320)	CFNetwork	Default iOSB2C 0x24045d	Task <88D45825-FB1E-4C38-8EFF-87A8528B61E3>.<7> request n/a is NOT allowed to set HSTS for main doc 


Has anyone noticed similar issue with ASWebAuthenticationSession?
Up vote post of amepatil Down vote post of amepatil
7.9k views
Posted by
amepatil
Reply
Add a Comment

Accepted Reply

This is fixed in iOS 14.5 beta
Posted by
amepatil
Up vote reply of amepatil Down vote reply of amepatil
Post marked as solved
Add a Comment

Replies

Hello @meaton

Do we have any finding why the cookie is getting lost in redirection flow back to the same server ?

Posted by
aghilesh
Post not yet marked as solved Up vote reply of aghilesh Down vote reply of aghilesh
Add a Comment

Issue is not fixed with ios 14.5 beta

Posted by
nithinprasad549
Post not yet marked as solved Up vote reply of nithinprasad549 Down vote reply of nithinprasad549

  • HI, we are seeing something similar when authenticating into the Workday mobile app on iOS 14.6. Can anyone confirm whether this is seen as a bug internally by the Apple teams? Thanks,

    jeremygibbons
Add a Comment

We are still facing this issue on iOS 14.5 and iOS 15 Beta as well.

Posted by
L6Echo
Up vote reply of L6Echo Down vote reply of L6Echo
Add a Comment

Still facing this issue on iOS 15.2. Any news on this?

Posted by
intellitour
Up vote reply of intellitour Down vote reply of intellitour
Add a Comment