Hidden ASWebAuthenticationSession and Review Guidelines

Hello, Apple Team.

In our iOS app, we are planning to use ASWebAuthenticationSession for cookie sharing with Safari App for single sign on.

Normal steps we can think of are as follows:

  1. Start ASWebAuthenticationSession.
  2. Alert dialog shows up for user permission.
  3. If the user permits, web browser shows up.
  4. A certain our web page which set cookies is loaded, and immedeiately redirect to ASWebAuthenticationSession's callbackURLScheme url without user operation.
  5. ASWebAuthenticationSession's web browser dismissed.

In this case, user does nothing on the web brwoser. So if the web browser does not appear on screen, we think user experience is much better.

We find out that ASWebAuthenticationSession's web browser view controller can be hidden by using presentationAnchor(for:) method of ASWebAuthenticationPresentationContextProviding protocol. In this case, only alert dialog for user permission shows up. This is very good UX for our app.

But we've found following statement on SFSafariViewController document. https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller

Important
In accordance with App Store Review Guidelines, this view controller must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SFSafariViewController to track users without their knowledge and consent.

And App Store Review Guidelines saids https://developer.apple.com/app-store/review/guidelines/

(vii) SafariViewController must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SafariViewController to track users without their knowledge and consent.

ASWebAuthenticationSession document saids nothing about like this. But we would like to make clear.

Are these statements applied to ASWebAuthenticationSession also?

If we hide ASWebAuthenticationSession's web browser, our app will be rejected?

Post not yet marked as solved Up vote post of keiichiitoucp Down vote post of keiichiitoucp
1.7k views
  • How can you able to hide ASWebAuthenticationSession's web browser from UI?

Add a Comment

Replies

In some cases is likely that a session is still alive in the SFSafariViewController, in such scenarios just a silent load would be great for UX.

Can Apple confirm this would be allowed?