We are working on a project which involves having App A do single sign-on for App B. App A wants to share state with App B. In iOS10, we were planning to use the SFSafariWebViewController for App A to point to an endpoint and set a cookie. Since the cookie in SFSafariWebViewController can be shared with native Safari, App B can open up SFSafariWebViewController instance and point to the same endpoint and the cookie would be picked up and send to the server. This would allow App A to authenticate the user and to set a cookie, such that App B can hit the same endpoint and pass the cookie over as proof of authentication.
According to WWDC 17 Session 225, IOS 11 changes the behaviour of the SFSafariWebViewController and the Safari app, to keep persisted data within the scope of the app , e.g. no cookie sharing. With this change, we are no longer able to share state between two apps. This authentication flow is a slight customization of the Open ID Connect (oAuth) standard flow. My understanding is that the change in iOS11 will break the Open ID Connect flow as well for apps that use SFSafariWebViewController.
What alternatives Apple recommends given the changes to SFSafariWebViewController in iOS11? How are two applications meant to share state if they cannot be grouped (two different companies, app devs) and due to security we do not want to be passing parameters between two applications.