I'm experiencing a strange issue where ASWebAuthenticationSession works perfectly when running from Xcode (both Debug and Release), but fails on TestFlight builds.
The setup:
- iOS app using ASWebAuthenticationSession for OIDC login (Keycloak)
- Custom URL scheme callback (myapp://)
- prefersEphemeralWebBrowserSession = false
The issue:
- When using iOS Keychain autofill (with Face ID/Touch ID or normal iPhone pw, that auto-submits the form) -> works perfectly
- When manually typing credentials and clicking the login button -> fails with white screen
When it fails, the form POST from Keycloak back to my server (/signin-oidc) never reaches the server at all. The authentication session just shows a white screen.
Reproduced on:
- Multiple devices (iPhone 15 Pro, etc.)
- iOS 18.x
- Xcode 16.x
- Multiple TestFlight testers confirmed same behavior
What I've tried:
- Clearing Safari cookies/data
- prefersEphemeralWebBrowserSession = true and false
- Different SameSite cookie policies on server
- Verified custom URL scheme is registered and works (testing myapp://test in Safari opens the app)
Why custom URL scheme instead of Universal Links:
We couldn't get Universal Links to trigger from a JS redirect (window.location.href) within ASWebAuthenticationSession. Only custom URL schemes seemed to be intercepted. If there's a way to make Universal Links work in this context without a manual user interaction, we'd be happy to try.
iOS Keychain autofill works
The only working path is iOS Keychain autofill that requires iPhone authentication and auto-submits the form. Any manual form submission fails, but only on TestFlight, not Xcode builds.
Has anyone encountered this, or does anyone know a workaround?