I have website hosted on domain that is associated with iOS mobile app.
Inside mobile app I want to access cookies from this website, which are stored in Chrome and Safari browsers on iPhone.
Is it even possible? And how it can be done?
If I can’t do it, maybe there is some official way of solving task of accessing some website data from app like webcredentials?
Related
I am working on PWA app using React-Redux. Using Adal for azure login. 2 factor authentication is enabled for the user.
Problem is on iOS when the user gets the Pin for 2 FA and switches away from app to see the pin in the messaging app and comes back to PWA app, PWA refreshes and takes the user to login page.
I have searched everywhere and could not find any answer to this.
iOS 12.2 was just released 2 days agao and it fixed the problem:
PWAs (Progressive Web App) have a new lifecycle and on most normal situations, the state of your app will be saved and restored between sessions.
A link to an external site opens in a “PWA In-App browser” instead of Safari and if the external site links to the PWA’s scope again, the navigation goes back to the PWA. Now we can log in users on external origins within a PWA (such as with OAuth). Credit to Medium article
Try maintaining state using IndexedDB. This will work with a PWA on iOS Safari. Another advantage of using indexedDB is that pages on the same domain that live outside of the PWA can write to IndexedDB and that data can be read, any encryption signature verified, and used by the PWA, which also has access to IndexedDB.
I know that SFSafariViewController has private cookie storage and other implementations. However, I know that we may write an extension for every (every native system) Swift class.
I need either to share cookies with native Safari, or to open Safari from my app with some header request. At least, how to create an API for getting/setting cookies?
Cookie sharing between SFSafariVC and native Safari has been disabled in iOS >= 11.
At WWDC, Apple announced a change in the behavior of Safari View Controller with iOS 11 in that stored data (cookies, local storage, etc.) will no longer be shared between instances of Safari View Controller. We've confirmed this in-house with a beta version, and this seems to be independently confirmed by the folks at Branch.
From AppAuth-iOS' repo: user whitehatguy
The only API for SFSafariVC is to create a new instance for a given URL. You can't set or modify cookies.
If you need to execute custom code, have a look at WKWebView (iOS >= 8) / UIWebView (iOS < 8). Useful answers: Getting cookies in WKWebView
SFAuthenticationSession was created to allow SSO/OAuth authentication flows, which shares cookies with native Safari but developers have no direct access.
A class that manages sharing a one-time web service login, along with cookies and website data, between Safari and an app, which can also be used for automatic login for other associated apps.
The two cases where you would use SFAuthenticationSession are:
Logging in to a third party's service using an authentication protocol (e.g. OAuth). This option works well for social network applications.
Providing a single sign-on (SSO) experience for applications. This option works well for enterprise companies that have many applications installed on the same device.
SFAuthenticationSession's documentation by Apple
I just want to know if you think it's possible to get credentials from safari cookie to log someone directly in web view in my app.
I have a "linkedin connect" way to connect into my app.
For the moment, if you have the Linkedin application installed on your device, you could connect in one click. But if you don't have it locally, I opened a webview on linkedin to ask you if you are ok to give us access to your information to create your profile. But currently the user has to re-enter their email and password manually since they don't benefit from the browser's login data.
I would like to fill the field or connect directly the user if he was connected in safari, Do you think it's possible, if yes, what can I used to do this?
Thank you!
NO, thats not possible. Safari is different app than your app and hence web view is safari don't share anything with web view with your app until it has extension to share.bjects of UIWebView class and Safari or other browsers are different and sandboxed. You can check here (official documentation.)
What you want with Linked in is possible with Facebook -- because face book login authentication method provides way to share data between apps -- But in Linkedin there is no similar way.
As given in the answer here, Safari and UIWebview don't seem to share cookies as they are sand boxed from one another.
Let's assume you have a mobile web app under the domain mobile.example.com and a desktop web-app under the domain example.com.
Web Browser–to–Native App Handoff is working and catches all the routes under those domains.
If you manually visit mobile.example.com, all subsequent links under that domain remain within Mobile Safari, as they should. You then encounter a link to example.com which would under normal circumstances, render responsively in Mobile Safari. With Handoff enabled, it opens with the Native app.
Is there a way to work around this behavior and keep it within Mobile Safari?
So, now twitter from 25 sep supports universal linking, it means that when UIWebView hits https://twitter.com/oauth/authorize?oauth_token link, it tries to open a twitter app, and if it is there, then it redirects me to auth page with auth error, so I wonder, how can I disable it from code, without uninstalling twitter app, or how I can enable universal linking auth in my xamarin ios app? Is it possible at all?
(similar question but for native: Disable Twitter Universal Deep Links)
Unless Twitter removes/updates the apps section of "https://www.twitter.com/apple-app-site-association" to allow a bypass or a secondary oauth that is not in the apple-app-site-association file I do not see how you would do it. These files are signed and iOS handles them at an OS level.
I have not played around very much with the continueUserActivity delegate and the NSUserActivity object that is passed to apps launched from UNI links, but I do not see a way for the launched app (i.e. Twitter) to return control to the original app, and at that point the oauth call-chain would be broken anyway....
Unique. Unlike custom URL schemes, universal links can’t be claimed by other apps, because they use standard HTTP or HTTPS links to your website.
Secure. When users install your app, iOS checks a file that you’ve uploaded to your web server to make sure that your website allows your app to open URLs on its behalf. Only you can create and upload this file, so the association of your website with your app is secure.
Via: https://developer.apple.com/library/prerelease/ios/documentation/General/Conceptual/AppSearch/UniversalLinks.html