URLSession session-level authentication challenge timeouts

Is the timeout for session-level authentication challenge handling documented somewhere? For example, if I get the urlSession(_:didReceive:) callback for server trust authentication, how long do I have to invoke the completion handler (or return from the callback if using Swift Concurrency)?

Or is this completely dependent on the server's settings?

URLSession suspends its request timeout while waiting for the delegate to respond to an authentication challenge. However, that doesn’t guarantee that there’ll be no timeout. In the case of a server trust evaluation challenge, you’re called during the TLS handshake process. If you delay too long, the server might time out the connection.

You generally deal with this using retry logic and caching. If a request failed during a challenge, you retry, and hopefully that’ll hit your cache of the challenge result.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

URLSession session-level authentication challenge timeouts
 
 
Q