Unexpected system confirmation dialog when opening a Universal Link

Safari & Web General
Neurowork OP
Created 1w
Replies 2
Boosts 0
Views 490
Participants 2

Subject: Unexpected system confirmation dialog when opening a Universal Link

Description of the issue:

We’re implementing a login flow using Native iOS apps, Universal Links, and OpenID Connect authentication. Our domain is correctly configured with the apple-app-site-association file, and Universal Links work as expected.

However, under certain circumstances, the behavior differs on the same login page:

  1. The user connects to the OIDC provider in their mobile browser.
  2. Instead of automatically switching to the Native application, a popup asks the user to open the app.

The behavior depends on how the login page is opened:

  • When opened in a new browser tab, the Universal Link opens the app immediately without showing any system confirmation dialog.
  • When the same tab is reused without a page refresh, iOS displays a system confirmation dialog asking the user to open the link in the app. This confirmation dialog doesn’t appear in the first scenario.

This additional system dialog impacts the user experience, as we aim for a frictionless and seamless login flow with minimal confirmation steps.

Question: Why does the app switch work automatically only the first time?

Is this intentional iOS behavior? If so, what security requirement or system rule causes a confirmation dialog when reusing the same tab, but not when redirecting in a new tab or pressing a button on the reused tab? Is this expected design, or should we adjust our side to avoid this dialog?

Environment details:

  • Verified on two devices
  • iOS versions: 18.7.2, 26.1

Thanks for your help.

Replies  2
Boosts  0
Views  490
Participants  2
DTS Engineer OP
Apple
1w

Thank you for your post. Very interesting. Your observation regarding the behavior of Universal Links on iOS, where the app opens automatically in some instances but prompts a confirmation dialog in others, is intentional and aligns with iOS’s security and user experience considerations.

Apple implemented this confirmation mechanism partially due to security concerns. While this behavior is designed to enhance security and user control, Universal Links requires proper configuration of Apple-app-site-association files and associated domains. It is recommended to verify configurations using Apple’s validation tools to identify and resolve any technical inconsistencies. For more information, please refer to the following document: TN3155: Debugging universal links | Apple Developer Documentation

In my opinion, best practices for Universal Links and redirect handling should be adopted to optimize user experiences as much as possible. Oh remember the iOS will also remembers how the user want to handle each link.

Albert Pascual
  Worldwide Developer Relations.

0
Neurowork OP
1w

We did follow the debugging guide.

The issue here is to understand why it works correctly the first time, meaning that the Apple-app-site-association files and associated domains are configured correctly, and not the second time while remaining on the same tab.

We need help understanding what the security difference is between the first invocation and second knowing that it is the exact same website executed and javascript code executed on both attempts.

0
Unexpected system confirmation dialog when opening a Universal Link
First post date Last post date
 
 
Q