I want my app to save username and password data e.g. at the first login or registration, so later when user tries to log in again it will be offered by the os to auto fill the form. So this is similar when app offers credentials saved in safari, but I also want my app to save this credentials if the login happens there. According to apple documentation I think it should be possible:
https://developer.apple.com/documentation/security/shared_web_credentials/managing_shared_credentials
If the user can create new accounts in your app, you should save the
user name and password to the shared web credentials. In this way, the
user can easily access the account from Safari, as well as from within
your app. You can save the user’s name and password to the shared web
credentials using the SecAddSharedWebCredential(::::) function as
shown.
However when I do this:
SecAddSharedWebCredential(domain as CFString, username as CFString, password as CFString) { error in
if let error = error {
print(error)
}
}
I get the following error printed out:
Error Domain=NSOSStatusErrorDomain Code=-909 "Autofill is not enabled in Safari settings" UserInfo={NSDescription=Autofill is not enabled in Safari settings}
You’ll certify who you are, via Apple, when you create your app, to prove the following:
That your app will be using the Associated Domains capability.
That your Team ID is, in fact, valid.
Check out this tutorial for help How To Secure Your App’s Passwords with Safari AutoFill in iOS 8
Related
I am setting up iOS Autofill Password in my app, and I followed all the guidelines in this tutorial https://medium.com/developerinsider/ios12-password-autofill-automatic-strong-password-and-security-code-autofill-6e7db8da1810. If I have a manually saved password in the keychain for the app's website, it gives me the option to autofill it on login.
However, when the credentials are not saved, the app does not prompt me to save them on login.
My username and password textfields are with correct content types (just like in your tutorial), I have the apple-app-site-association file configured properly, and the associated domains as well.
I don't understand what I am missing.
You didn't put any log about that. But the AutoFill feature has some tricks that need attention as describe on Robots & Pencils and other question in stack overflow
One attention point if you update the apple-app-site-association remove the app from your device and install again because the app store the last version as a cache.
Verify the TEAM ID on apps in apple-app-site-association because many get confused with the signing id from your account.
Known issue:
[AutoFill] Cannot show Automatic Strong Passwords for app bundleID: app.bundle.id due to error: iCloud Keychain is disabled
Do you need check on your macOS on Internet Account -> iCloud -> Keychain is enabled and verify in your idevice if the feature is enabled on Settings -> Apple ID -> iCloud -> Keychain is On
In the other case if you followed the tutorial correctly it will be working
I had the same problem. In my case the issue was that I was clearing the username and password text fields after successful authentication before pushing my next view. Apple's heuristics seem to require the text fields with .username and .password content types to be populated when the view disappears.
I was having same problem. I did all the setup which recommended by Apple (https://developer.apple.com/documentation/security/password_autofill/about_the_password_autofill_workflow).I had few fields in between UserName and Password field on Signup Screen. But when I put Password field just next to UserName field then Apple popup to save password appearing.
I have the same problem, Because 3 textField in my viewController, usernameTextField,passwordTextField and authcodeTextField.Set passWordTextField.becomeFirstResponder() before release the controller, its work for me
In iOS 11 they have introduced password autofill which fills the username and password in iOS app like the same way it does in Safari, User goes to website first, logged in save the username and password in keychain and then open app were the fields are automatically populated, the username and password
can it be implemented in other ways, like I logged in the app first and then while going on the website through Safari it automatically fills the username and password?
Is there any documentation or articles regarding it?
Editing My Answer:
Looks like it is possible to do so. The same kind of association we can see in SharedWebCredentials which is released in iOS8. Using SharedWebCredentials doing in both ways is possible. From app to website and website to app. Assuming Password autofill in iOS11 has done on top of this.
Here is how the association will happen.
We have entitlement certificate for an app where we will provide domain to be linked with. Then we have a website where we will hold information in JSON format related to that website. In that JSON, you have to put your bundle identifier. So when the user saves this passwords and logs in through app. Then the app entitlement file will provide the web address to safari. Safari will bring that JSON file and validate the bundle identifier is same or not. If validation success it will populate username and password.
For more info: Password Autofill in iOS 11
I asked about this at the developer labs at WWDC and was informed that it's possible. The key is that the new password autofill is based on the existing Shared Web Credentials API, which works both ways. If you use that API to save credentials from your app, they'll be available in Mobile Safari. Shared Web Credentials was the topic of a 2014 WWDC session.
I haven't tried it yet, but based on the source I'm pretty confident that it should work.
I have an Username & password. I want to save it for an App. If app will deleted then username password will save for that app only, during reinstall the app it will work. If I instal the app in another devices then that user name password will be work.
For same thing I have some data. I want to save that for future. Means suppose I deleted the App and again reinstall the app again or instal the app in difference device then that data will be secure.
For this purpose I used iCloud, but its taking too much time for sync & sometimes its not working properly.
Please anybody can suggest me how can I doable with this above 2 problems ?
Note: I don't want to use web services. My app is without webservices.
Thanks in advanced.
iCloud
Store Private credential using iCloud
WebService
At first time, User install App, make one service to check using DeviceToken user Device is registered or Not.
if user device is registered then gives you username and password, otherwise Skip and display login page.
At login page you have to pass deviceToken, username and password thorough webservice.
Now you remove and again install app, Apps check using web service to passing DeviceToken, if user is login previous then give UserName and Password.
I've developed an app where in the entered username and password by user is saved using NSUserDefaults.
Any request from user for any service needs this username to be sent. So using NSUserDefaults I'm sending username for each request. Still the iPhone app is logging out without clicking the logout button and starts from the beginning asking for username and password.
As facebook app and others remains once logged in. Please let me know why the app is logging out frequently without clicking logout button.
Thanks in advance.
On launch check if there is a saved username and password, if so use them. When the user enters these save them.
You need to look at the page source from the server for the form request of the credentials, create the form response with the credentials and post it. This is doable and actually not very hard. On one project I did this for auto login and respond to many form requests so the user never saw them.
Do not use NSUserDefaults for credentials, it is not secure. Instead use the Keychain, it is secure.
I want to save authentication of my hotspot in my user preferences. Ex: I sign into my wifi using an app with my username and password, then unblock my network, so next time I'm go in this LAN, it should use the credentials I've put in app. So app has to save the wifi auth in user profile. I'm using NSUserDefaults to store my user and keychain for password. Is this the correct way?
As far as I know, there isn't a way for the app to directly setup an access point in the iOS system; I can not see a reason to save wifi authentication credentials in your app if the system will do this already (probably in a more secure manner)? If you simply save this in your user's preferences, then you will get into security issues if you want to change this password later.
However, yes you can distribute a provisioning profile which contains the credentials to your access point so that the user doesn't need to type it in. You could for example, from the app, open an URL pointing to a server web address that will serve the profile for your users. But then you don't even need an app just for that.. you could generate a QR code pointing to that URL and use one of the existing QRCode decoding apps for example.