I'm trying to use ASWebAuthenticationSession to authenticate with a private identity provider.
Authentication with ASWebAuthenticationSession starts
Callback with my custom scheme got called
I need all cookies of this request to authenticate the user within my WKWebView. The callback only sends me the URL of my custom scheme and not the request.
I can't transfer the cookies within the URL of my custom scheme because I reach the maximum URL length.
ASWebAuthenticationSession doesn't use HTTPCookieStorage to store the cookies during the authentication?!
    session = ASWebAuthenticationSession(url: urlToCall, callbackURLScheme: scheme) { callbackURL, error in
        let cookie = callbackURL?.absoluteString.split(separator: "=")[1]
        print("Session is \(cookie)")
        // How to get Cookies here?
    }
Does anyone have solutions?
Related
I have an iOS app that authenticates for api access and I have a request to throw the user into safari, not a WKWebView but still keep them authenticated.
Is there any way to securely share the session between an iOS app and full Safari?
I have looked into WKProcesspools but I am not sure that will quite do it.
Not sure about WKProcesspools, but you can share the session using query parameters.
Format your web URL to include a verification token as a query parameter.
When you verify user via API, you must get the token from response. Pass this token as a query parameter in your url and redirect to Safari.
URL - https://www.example.com/page1
URL with token - https://www.example.com/page1?token=asdfv12324fvfropfc23as
Extra care to prevent copy/paste of token:
When creating token, pass IP Address or MAC Address as parameter of your API and based on these addresses you can check if the request is coming from same address. This will take care of the device authentication.
I'm using ASWebAuthenticationSession for OAuth and all works well when I can use my custom scheme. However, when I try it with a service that requires a protocol in the redirect url "https://myapp.com/auth", I just see "cannot find server..." after I do the authorization steps.
You have to use your private scheme instead of https which is handled by Safari.
Set your project to handle your scheme: com.my.app (for example)
Init session for your scheme: let session = ASWebAuthenticationSession(url: url, callbackURLScheme: "com.my.app://", completionHandler: completion)
Further readings:
https://developer.apple.com/documentation/uikit/inter-process_communication/allowing_apps_and_websites_to_link_to_your_content/defining_a_custom_url_scheme_for_your_app
https://www.rfc-editor.org/rfc/rfc8252#section-7.1
I made a login application with 2 text fields (username, password) and a web view for after login. Here is the URL:
var request = URLRequest(url: URL(string: "https://website.com/tr/webservicelogin?_username=\(vc.username)&_password=\(vc.password)&status=login&mobil=true")!)
When I enter the username and password, the session id is displayed on the webview page. I want to get this session id from the cookie after login. Any idea?
The backend is the one who is responsible for session management. When you are requesting the backend for login, the backend creates a session for you and passes the session identifier back to you. From this moment on, your other requests should contain the session identifier in their headers, according to which the backend identifies the session user.
Apple has created the NSHTTPCookieStorage API for managing that on the client side: API Reference.
In case you are creating a sample login application, you shouldn't mess with cookies.
P.S. You don't want to send user credentials unencrypted (security violation).
In the web API for /authorize, a refresh and access token are returned. How can I access/receive a refresh token similar to what is returned in /authorize?
Something like SPTAuth.defaultInstance().refreshToken?
You need to create a URL scheme for your app. Something like:
appName://SpotifyAuthentication
Then when you register your dev account with Spotify, you need to enter that as the redirect URI. When you make the request on the device (GET https://accounts.spotify.com/authorize?client_id=.....&response_type=code&redirect_uri=appName%3A%2F%2FSpotifyAuthentication&.....), it will call this URI automatically and will call: application:openURL:options: in AppDelegate.
The URL query string will contain your auth token. IE: appName://SpotifyAuthentication?authToken=someToken.
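The two answers above both end with a redirect arriving on the app's private scheme. As an added example (not code from either answer), this is one way to check that callback before using anything in it. It assumes the standard OAuth 2.0 response parameters `code`, `state` and `error` (the answer above calls its parameter `authToken`); `CallbackError`, `authorizationCode(from:expectedScheme:expectedState:)` and the sample URL are hypothetical.

```swift
import Foundation

// Hypothetical error type for this example.
enum CallbackError: Error {
    case wrongScheme, stateMismatch, missingCode
    case providerError(String)
}

/// Validates a redirect delivered to the app's private scheme and returns the
/// authorization code. `expectedState` is the random value the app put in the
/// authorization request before starting the session.
func authorizationCode(from callbackURL: URL,
                       expectedScheme: String,
                       expectedState: String) throws -> String {
    guard let parts = URLComponents(url: callbackURL, resolvingAgainstBaseURL: false),
          parts.scheme?.lowercased() == expectedScheme.lowercased() else {
        throw CallbackError.wrongScheme
    }
    let items = parts.queryItems ?? []
    // A parameter that is missing or repeated is treated as absent.
    func single(_ name: String) -> String? {
        let matches = items.filter { $0.name == name }
        return matches.count == 1 ? matches[0].value : nil
    }
    // Check state first so a response to a request this app never made is dropped.
    guard let state = single("state"), state == expectedState else {
        throw CallbackError.stateMismatch
    }
    if let reason = single("error") {
        throw CallbackError.providerError(reason)
    }
    guard let code = single("code"), !code.isEmpty else {
        throw CallbackError.missingCode
    }
    return code
}

// Constructed sample callback, not a real provider response.
let sample = URL(string: "com.my.app://auth?code=abc123&state=k3JrT9")!
do {
    let code = try authorizationCode(from: sample,
                                     expectedScheme: "com.my.app",
                                     expectedState: "k3JrT9")
    print("authorization code:", code)
} catch {
    print("callback rejected:", error)
}
```

The same function can be called from the ASWebAuthenticationSession completion handler or from application:openURL:options:, since both receive the callback as a URL.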
For iOS, I have written a custom delegate and implementation of NSUrlSession. It is working fine for HTTP URLs. But when I try to download image resources from an HTTPS source that has been authenticated and which requires a cookie to be passed, the download fails with an NSUrlErrorCode -1013 or -1002.
    NSMutableUrlRequest req = new NSMutableUrlRequest(new NSUrl(uri.ToString()));
    req.Headers = dictHeaders;
    NSUrlSessionDownloadTask newTask = session.CreateDownloadTask(req);
    activeDownloads.Add(newTask);
    newTask.Resume();
So in the NSUrlSessionDownloadDelegate I have implemented the DidReceiveChallenge method but am not passing anything there currently because I want to pass the cookie from my initial login as above.
NSUrlSession uses shared session for the complete app but my initial login API is done using RestSharp.RestClient which fetches the cookie that I can use throughout the app.
So my question is: how do I pass the cookie to NSUrlSession?
As far as I know, all work with cookies goes through NSHTTPCookieStorage class https://developer.apple.com/library/ios/documentation/Cocoa/Reference/Foundation/Classes/NSHTTPCookieStorage_Class/index.html. You can use cookieAcceptPolicy to configure how cookies are used in your application and even manually add/remove cookies if needed.
NSURLSession will take cookies from NSHTTPCookieStorage.
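The cookie hand-off this answer describes, as an added Swift example that is not part of the original posts: a cookie obtained by another HTTP client is placed in the shared cookie storage so that session tasks pick it up. The cookie name, value, host and the helpers `makeSessionCookie` and `cookieHeader` are assumptions made for illustration.

```swift
import Foundation

/// Builds a cookie for `host` from a name/value pair obtained by another HTTP
/// client (for example, from its login response). Values here are placeholders.
func makeSessionCookie(name: String, value: String, host: String) -> HTTPCookie? {
    return HTTPCookie(properties: [
        .name: name,
        .value: value,
        .domain: host,
        .path: "/",
        .secure: "TRUE",        // mark the cookie as HTTPS-only
        .expires: Date().addingTimeInterval(3600)
    ])
}

/// Returns the Cookie header built from the cookies `storage` holds for `url`.
func cookieHeader(for url: URL, in storage: HTTPCookieStorage) -> String? {
    let cookies = storage.cookies(for: url) ?? []
    return HTTPCookie.requestHeaderFields(with: cookies)["Cookie"]
}

let storage = HTTPCookieStorage.shared
if let cookie = makeSessionCookie(name: "session",
                                  value: "PLACEHOLDER",
                                  host: "images.example.com") {
    storage.setCookie(cookie)
}

// The session reads the same storage, so its download tasks carry the cookie
// without setting a Cookie header on each request by hand.
let config = URLSessionConfiguration.default
config.httpCookieStorage = storage
config.httpShouldSetCookies = true
let session = URLSession(configuration: config)

// Constructed URL, used only to inspect what would be attached.
let imageURL = URL(string: "https://images.example.com/a.png")!
print(cookieHeader(for: imageURL, in: storage) ?? "no cookie for this URL")
```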