Apple app site association not working over AWS CloudFront and S3 - ios

Here's my setup:
I have an AWS CloudFront distribution with custom and valid SSL certificate (from ACM)
the CF distribution points to an S3 bucket
My domain example.com is an A record with alias to my CF distribution
I uploaded apple-app-site-association and .well-known/apple-app-site-association to my bucket with the following parameters: Public Read, Content-Type=application/pkcs7-mime
My apple-app-site-association is as follows:
{
"webcredentials": {
"apps": [ "TeamID.BundleId1",
"TeamID.BundleId2" ]
}
}
Of course the values are replaced with my team's ID and the bundle Ids of my 2 apps.
When I run
curl -i https://example.com/apple-app-site-association
or
curl -i https://example.com/.well-known/apple-app-site-association
I have the following result:
HTTP/2 200
content-type: application/pkcs7-mime
content-length: 156
date: Wed, 18 Dec 2019 03:08:15 GMT
last-modified: Wed, 18 Dec 2019 03:04:14 GMT
etag: "redacted"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 redacted.cloudfront.net (CloudFront)
x-amz-cf-pop: redacted
x-amz-cf-id: redacted
{
"webcredentials": {
"apps": [ "TeamID.BundleId1",
"TeamID.BundleId2" ]
}
}
Which tells me the file is valid and correctly hosted.
On the Xcode side, my target has the following row in Signing & Capabilities > Associated Domains:
webcredentials:example.com
So my entitlements file looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>aps-environment</key>
<string>development</string>
<key>com.apple.developer.associated-domains</key>
<array>
<string>webcredentials:example.com</string>
</array>
</dict>
</plist>
However when I go to my Sign Up screen on the app, I have the following console log:
[AutoFill] Cannot show Automatic Strong Passwords for app bundleID:
BundleId due to error: Cannot save passwords
for this app. Make sure you have set up Associated Domains for your
app and AutoFill Passwords is enabled in Settings
I am testing on a real device on iOS 13 and AutoFill is enabled.
Note: my app is not live yet (in case I am advised to use the Apple crawler aka App Search API Validation Tool)
Thanks in advance for any help!

From the docs:
Note
If your app runs in iOS 9 or later and you use HTTPS to serve the apple-app-site-association file, you can create a plain text file that uses the application/json MIME type and you don’t need to sign it. If you support Handoff and Shared Web Credentials in iOS 8, you still need to sign the file as described in Shared Web Credentials Reference.
So the content-type: application/pkcs7-mime in your response seems wrong, try changing that to application/json.

I finally managed to get it working. I did 4 different things, I think only 2 of them are important but I'll post them all here in case it helps someone with the same issue.
1: Use my iPhone Developer ID instead of my Team ID (important)
As I was debugging the app on dev environment, the app is signed with my iPhone Developer certificate, not my team's production certificate. So I changed my apple-app-site-association file from
{
"webcredentials": {
"apps": [ "TeamID.BundleId1",
"TeamID.BundleId2" ]
}
}
to
{
"webcredentials": {
"apps": [ "TeamID.BundleId1",
"TeamID.BundleId2",
"iPhoneDeveloperID.BundleId1",
"iPhoneDeveloperID.BundleId2" ]
}
}
2: Invalidate AWS CloudFront cache before testing (important)
While testing, I eventually found out that I was sometimes getting an old version of my apple-app-site-association, depending on which device or software application I was using to fetch it.
So I logged in to the CF console, selected my distribution, selected the Invalidations tab, and created an Invalidation with Object Path /.well-known/apple-app-site-association.
3: Add App Links
I'm not sure whether that made any difference for my issue, as I only invalidated the cache after I tried this, but just in case it helps someone, I decided to add App Links to my app. I added the following object after webcredentials in my apple-app-site-association
"applinks": {
"apps": [],
"details": [
{
"appID": "iPhoneDeveloperID.BundleId1",
"paths": [ "*"]
},
{
"appID": "iPhoneDeveloperID.BundleId2",
"paths": [ "*" ]
},
{
"appID": "TeamID.BundleId1",
"paths": [ "*"]
},
{
"appID": "TeamID.BundleId2",
"paths": [ "*" ]
}
]
}
Make sure the app you're testing is at the top, as the others will get discarded (the first wildcard wins). This must obviously be changed before going to production.
And I added the following entitlement to my app
<string>applinks:example.com</string>
4: Only use .well-known
Again, I don't believe this is important, but instead of having to upload my file twice for each test, I stopped using the root directory, and only uploaded to /.well-known/apple-app-site-association

In case it helps someone else I had similar problem with the file not being valid with correct content type header. I re-uploaded the file using the following:
aws s3 cp --content-type "application/pkcs7-mime" public/.well-known/apple-app-site-association s3://mywebsite/.well-known/
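
The checks this thread arrives at (response content type, a stale CloudFront copy, and whether the App ID the build is actually signed with is listed) can be run against one fetched response. This is an added example, not code from any of the posts; the function names, the sample headers and the placeholder identifiers are assumptions.

```python
import json

# Constructed sample: header and body shapes follow the curl output in the
# question; the identifiers are placeholders, not real team or bundle IDs.
SAMPLE_HEADERS = {
    "content-type": "application/pkcs7-mime",
    "x-cache": "Hit from cloudfront",
    "age": "5400",
}
SAMPLE_BODY = '{"webcredentials": {"apps": ["TEAMID1234.com.example.app"]}}'


def listed_app_ids(doc):
    """Map each service in the association file to the app IDs it lists."""
    found = {}
    if "webcredentials" in doc:
        found["webcredentials"] = list(doc["webcredentials"].get("apps", []))
    if "applinks" in doc:
        details = doc["applinks"].get("details", [])
        found["applinks"] = [d.get("appID") for d in details]
    return found


def check_aasa(status, headers, body, signed_app_id, services):
    """Return a list of findings for one fetched apple-app-site-association."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status != 200:
        findings.append(f"status {status}: file not served directly")
    ctype = hdrs.get("content-type", "").split(";")[0].strip()
    if ctype != "application/json":
        findings.append(f"content-type is {ctype!r}, docs call for application/json")
    if hdrs.get("x-cache", "").lower().startswith("hit"):
        findings.append(f"served from CloudFront cache (age {hdrs.get('age', '?')}s), may be stale")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return findings + [f"body is not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return findings + ["top level is not a JSON object"]
    ids = listed_app_ids(doc)
    for service in services:
        if service not in ids:
            findings.append(f"{service}: section missing")
        elif signed_app_id not in ids[service]:
            findings.append(f"{service}: {signed_app_id} not listed, found {ids[service]}")
    return findings
```

Pass the `application-identifier` value from the signed build's entitlements as `signed_app_id`, so a development build is checked against the prefix it is really signed with.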

Related

Does universal link work on the apps from enterprise program?

I've followed instructions from the apple for enabling universal links.
Following is my aasa file
{
"applinks": {
"apps": [],
"details": [
{
"appID": "app.store.app",
"paths": ["*"]
},
{
"appID": "enterprise.app",
"paths": ["*"]
}
]
}
}
I am able to use universal link for the app store app. But I've never been able to open links for the enterprise app (apps that are created for internal distribution https://developer.apple.com/programs/enterprise/)...
I have followed https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html and made sure that "The appID value is the same value that’s associated with the “application-identifier” key in your app’s entitlements after you build it". I have also checked the entitlement file having the domain
Is there any document from Apple stating that enterprise apps cannot use universal link?
Thanks in advance!
YES
In order to allow such a behavior, be sure to provide the appropriate TEAMID in the json file, as described at https://developer.apple.com/documentation/uikit/inter-process_communication/allowing_apps_and_websites_to_link_to_your_content/enabling_universal_links
"details": [{
"appID": "D3KQX62K1A.com.example.photoapp",
"paths": ["/albums"]
}]
Moreover, if your internal apps point to another server than the public one, remember to add a new associated domain in your app capabilities
Do not forget to remove the developer mode from the associated domain when you are going to distribute your application.
We had the issue that Universal Links didn't work for a distributed Enterprise Application.
Removing the developer mode fixed it.

Apple-app-site-association file not linking to application

Even after 48 hours, as said in Apple documentation, apple-app-site-association is not working in my application. I have checked with Apple validation tools (https://search.developer.apple.com/appsearch-validation-tool/) but it's showing Error no apps associated with url in the Link to Application. Here is the format of my apple-app-site-association file
{
"applinks": {
"apps": [],
"details": [{
"appID": "{team_id}.{bundle_id}",
"paths": ["*"]
}]
}
}
I have also enabled Associated Domains for the appId from developer.apple.com and in the Xcode capabilities settings also.
I have already tried this (iOS Universal Links not working via TestFlight)
Also checked the Apple Developer Forum but couldn't find a solution there also.
Little late to this thread but if you want Apple to call your app-site-association file each time the app is installed, simply do this:
applinks:[domain]?mode=developer
This way you can change the settings of the file while developing!
Make sure you are following these steps
Enabled Associated Domains in the app App services from the developer.apple.com
Set the domain name correctly in the Associated Domains in the Xcode capabilities and also enabled this.
You have correctly generated the apple-app-site-association file. The file must not have any extension. Here is the format for the file:
{
"applinks": {
"apps": [],
"details": [{
"appID": "{app_prefix}.{your_app_bundle_identifier}",
"paths": ["*"]
}]
}
}
Make sure the apps tag in the file is empty and appID is made up of your app prefix and bundle identifier separated by ".".
NOTE: I don't know why but I am using app prefix instead of teamID as mentioned in most of the posts and even on the Apple documentation. But it didn't work for me.
You can also try by using app prefix of the app id instead of teamID

Apple association file fetched in development but not in TestFlight and App Store

Universal links work perfectly fine in development, but once I sign the applications and deploy them to TestFlight and App Store, it looks like the apple-app-site-association is not fetched and therefore the app isn't registered for opening the universal links.
1. /.well-known/apple-app-site-association file:
{
"applinks": {
"apps": [],
"details": [{
"appID": "myteamid.com.mycompany.appName",
"paths": ["*"]
}]
}
}
The server part looks OK, since it is successfully fetched whenever I run the app via the cable on my phone.
App Search API Validation tool returns this for Link to application:
Action required
Could not extract required information for Universal Links. Learn how
to implement the recommended Universal Links.
Error no apps with domain entitlements
The entitlement data used to verify deep link dual authentication is from the current released version of your app. This data may take 48 hours to update.
2) Capabilities:
Associated domains - ON with Domain list of:
applinks: link.mycompany.com
Other things I have turned on are: Push Notifications and Background Modes.
3) Provisioning profile:
I created a new one after adding the Universal links and Push notifications and it includes:
Capabilities:
Associated Domains,
Game Center,
In-App Purchase,
Keychain Sharing,
Push Notifications.
Entitlements:
get-task-allow,
app-enviroment,
com.apple.developer.associated-domains,
com.apple.developer.team-identifier,
application-identifier,
beta-reports-active,
keychain-access-groups
4) While installing the app, it behaves differently in TestFlight than it does when loading via cable:
Via cable I can see the successful http request for the apple-app-site-association file and finally from the process swcd: "Added service 'applinks', appID 'myteamid.com.mycompany.appName', domain 'link.mycompany.com' "
TestFlight - when installing there is no sign of http request and the following line is shown if I previously had the app installed via cable: "Removed service 'applinks', app ID 'myteamid.com.mycompany.appName', domain 'link.mycompany.com' (removed domain) "
This of course results in the fact that whenever I install the app via TestFlight or Distribution, the Universal links do not work.
Any ideas where it goes wrong?
I finally got to the bottom of this with help of Apple Developer Technical Support. In my (cordova) project folder there are two files:
Entitlements-Debug.plist
Entitlements-Release.plist
When I add the value applinks:mywebpage.com to Capabilities->Associated domains->Domains, the Entitlements-Debug.plist got the lines:
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:mywebpage.com</string>
</array>
BUT the Entitlements-Release.plist did not change. What I did to solve the issue is to copy-paste the generated lines from the Entitlements-Debug.plist. After this, I did the exact same Archive and upload process as before and everything worked fine.

Universal Link not working

I need to open my app from the email.
this is the email url: http://staging.imixedtape.com/accept_invite?token=be484a99b1f4554e42b7232dc2268c5e
And for this I need to integrate universal link in my app.
this is my apple-app-site-association file which opens via:
http://staging.imixedtape.com/apple-app-site-association
it returns:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "ZVDN92A33X.com.lemondeit.mixedtape",
"paths": ["*"]
}
]
}
}
Still my app is not opening up from the link provided above.
I have added the domain "staging.imixedtape.com" in the associated domain capabilities tab.
I don't know what's left. Also the apple-app-site-association file is uploaded onto the root of the server.
Also I have edited my scheme to Release rather than Debug, and I am testing it on the real device

Universal links doesn't work

This is my apple-app-site-association file:
{
"applinks": {
"apps": [],
"details": [
{
"paths": [
"*",
"\/doubanapp\/*",
"\/authorHome"
],
"appID": "KV99XUUJ3U.com.moer.MoerFinance"
}
]
}
}
I already set Xcode Associated Domains, this is my screenshot:
I use https://search.developer.apple.com/appsearch-validation-tool/ to test my domains, but get error:
Error no apps with domain entitlements The entitlement data used to
verify deep link dual authentication is from the current released
version of your app. This data may take 48 hours to update.
If my app must be released then wait for 48 hours?
There is no requirement that your app be live in the App Store for Universal Links to work.
However, looking at https://moer.jiemian.com/apple-app-site-association and https://moer.cn/apple-app-site-association, both are serving invalid SSL certificates. iOS will reject these, which breaks Universal Links.
I'll put in a shameless plug here for Branch.io (full disclosure: I'm on the Branch team), in case you're just looking for simple deep linking and don't want to deal with these set up details.
For the self-signed cert issue, have you tried adding ?mode=developer to the URL in your entitlements (e.g. applinks:mydomain.com?mode=developer) for the Associated Domains?
This is the format for the domain when you're using an untrusted cert:
<service>:<fully qualified domain>?mode=<alternate mode>
with
<alternate mode> set to developer as in my example above
Docs say:
developer
Specifies that only devices in developer mode can access the domain. In this mode, you can use any valid SSL certificate on your web server, including a certificate the system doesn’t trust. Make sure you don’t expose your users to security issues, such as man-in-the-middle attacks. As an added precaution, only apps signed with a development profile can use developer mode, and users must opt in on any device they use.
Here's the reference documentation from Apple - scroll to the bottom of the page:
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_associated-domains
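
Two failures described on this page can be caught before archiving: an Entitlements-Release.plist that never received the associated domain (the Cordova answer above) and a `?mode=developer` entry left in a build meant for distribution. The following is an added example, not code from any of the posts; the function names and both sample plists are assumptions constructed for illustration.

```python
import plistlib

KEY = "com.apple.developer.associated-domains"

# Constructed inputs modelled on the two Cordova files named in the answer;
# mywebpage.com is the placeholder domain used on the page.
DEBUG_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.developer.associated-domains</key>
<array><string>applinks:mywebpage.com?mode=developer</string></array>
</dict></plist>"""
RELEASE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>aps-environment</key><string>production</string>
</dict></plist>"""


def parse_entry(entry):
    """Split '<service>:<domain>?mode=<mode>' into (service, domain, mode)."""
    service, _, rest = entry.partition(":")
    domain, _, query = rest.partition("?")
    mode = query[len("mode="):] if query.startswith("mode=") else None
    return service, domain, mode


def audit_release(debug_bytes, release_bytes):
    """Compare associated domains across the two build configurations."""
    debug = plistlib.loads(debug_bytes).get(KEY, [])
    release = plistlib.loads(release_bytes).get(KEY, [])
    findings = []
    release_pairs = {parse_entry(e)[:2] for e in release}
    # Every service:domain pair in the debug file should also ship in release.
    for entry in debug:
        service, domain, _ = parse_entry(entry)
        if (service, domain) not in release_pairs:
            findings.append(f"missing in release: {service}:{domain}")
    # Developer mode accepts untrusted certificates, so flag it in release.
    for entry in release:
        service, domain, mode = parse_entry(entry)
        if mode == "developer":
            findings.append(f"developer mode in release: {service}:{domain}")
    return findings
```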
