I know that SFSafariViewController has private cookie storage and other implementations. However, I know that we may write an extension for every (every native system) Swift class.
I need either to share cookies with native Safari, or to open Safari from my app with some header request. At least, how to create an API for getting/setting cookies?
Cookie sharing between SFSafariVC and native Safari has been disabled in iOS >= 11.
At WWDC, Apple announced a change in the behavior of Safari View Controller with iOS 11 in that stored data (cookies, local storage, etc.) will no longer be shared between instances of Safari View Controller. We've confirmed this in-house with a beta version, and this seems to be independently confirmed by the folks at Branch.
From AppAuth-iOS' repo: user whitehatguy
The only API for SFSafariVC is to create a new instance for a given URL. You can't set or modify cookies.
If you need to execute custom code, have a look at WKWebView (iOS >= 8) / UIWebView (iOS < 8). Useful answers: Getting cookies in WKWebView
SFAuthenticationSession was created to allow SSO/OAuth authentication flows, which shares cookies with native Safari but developers have no direct access.
A class that manages sharing a one-time web service login, along with cookies and website data, between Safari and an app, which can also be used for automatic login for other associated apps.
The two cases where you would use SFAuthenticationSession are:
Logging in to a third party's service using an authentication protocol (e.g. OAuth). This option works well for social network applications.
Providing a single sign-on (SSO) experience for applications. This option works well for enterprise companies that have many applications installed on the same device.
SFAuthenticationSession's documentation by Apple
Related
Not able to share cookies between MSAL library to WkWebview.
I have used MSALlibrary for authentication in the iOS app, In the app, there are few functionalities that were not implemented in iOS so, we are navigating to the web application(using WKWebview) where it asks every time login prompt.
Can I send access token/cookies or do something so will not ask for authentication the second time when I open WKWebView?
For iOS ASWebAuthenticationSession, SFAuthenticationSession, and SFSafariViewController are considered system browsers. For macOS only ASWebAuthenticationSession is available. In general, system browsers share cookies and other website data with the Safari browser application.
By default, MSAL will dynamically detect iOS version and select the recommended system browser available on that version. On iOS 12+ it will be ASWebAuthenticationSession.
When you verify user via API, you must get the token from response. Pass this token as a query parameter in your url and redirect to Safari.
URL - https://www.example.com/page1
URL with token - https://www.example.com/page1?token=asdfv12324fvfropfc23as
You can store the token in localStorage/Cookies.
Read more here.
We are developing two new react native apps, and need to integrate Azure AD authentication at both the places. We also have existing web apps that are Azure AD enabled and the user can open the web links from our (new) native apps.
We have decided to use MSAL library (react-native-msal) to implement the authentication part mainly to support SSO between the native apps + the web apps that we open in the Safari browser.
We have followed all the steps that the react-native-msal library suggests and are able to achieve SSO between the two native apps.
However, when I login to one native app, and try to open the web app link using react linking, the web app prompts for the login credentials.
Note:
For authenticating user through native app, we are using "Authentication Session" with "prefersEphemeralWebBrowserSession = false" which ideally should share the SSO cookies with the Safari browser.
But clearly, this does not seem to work.
I would like to get some understanding on this problem and find out if others are facing this issue too? or is it just us?
In this case you need a preferred user token and send it along with the login request. For capturing the details of the user at the same time I suggest storing the details in the domain wide cookies that is known for all applications.
// Store the user details after login
document.cookie = "msal_details=Paul#xyz-corp.com;domain=.xyz-corp.com;path=/"
// use the user details
var user = getCookieByName("msal_username");
userAgentApplication.loginRedirect(scopes, "&login_hint=" + user);
Lastly, you would need to implement this in your application.
Well, it turns out to be a problem with the simulator. This functionality works only on the physical devices (iPhone/iPad) and not on the simulators.
This should have been documented in the react-native-msal's document though.
I'm developing an enterprise application for one of our clients that utilises the GoogleSignIn SDK an a login option.
During development, I was surprised to see that support for the SFSafariViewController had been added meaning that I could streamline my login process by sharing Safari cookies.
This was all great until the client raised a critical issue being that once a user logs into the app (via Google and SFSafariViewController), they could log out of our application (including the GoogleSignIn SDK (see below))
func signOut() {
...
let signIn = GIDSignIn.sharedInstance()
signIn.signOut()
}
However the user remains signed into their Google account via Safari. Something that would be extremely helpful on a personal device but i've been informed that there is the potential for 20 people on a single site to be using a single device.
I've looked at setting allowsSignInWithBrowser and/or allowsSignInWithWebView to false however I cannot get it so that the SDK will use only a web view (such as UIWebView or WKWebView) where we can ensure that credentials will only be persisted within the application.
Is there such functionality to achieve this that I am missing? I think it could be quite critical in some use cases that such configuration is available.
So, now twitter from 25 sep supports universal linking, it means that when UIWebView hits https://twitter.com/oauth/authorize?oauth_token link, it tries to open a twitter app, and if it is there, then it redirects me to auth page with auth error, so I wonder, how can I disable it from code, without uninstalling twitter app, or how I can enable universal linking auth in my xamarin ios app? Is it possible at all?
(similar question but for native: Disable Twitter Universal Deep Links)
Unless Twitter removes/updates the apps section of "https://www.twitter.com/apple-app-site-association" to allow a bypass or a secondary oauth that is not in the apple-app-site-association file I do not see how you would do it. These files are signed and iOS handles them at an OS level.
I have not played around very much with the continueUserActivity delegate and the NSUserActivity object that is passed to apps launched from UNI links, but I do not see a way for the launched app (i.e. Twitter) to return control to the original app, and at that point the oauth call-chain would be broken anyway....
Unique. Unlike custom URL schemes, universal links can’t be claimed by other apps, because they use standard HTTP or HTTPS links to your website.
Secure. When users install your app, iOS checks a file that you’ve uploaded to your web server to make sure that your website allows your app to open URLs on its behalf. Only you can create and upload this file, so the association of your website with your app is secure.
Via: https://developer.apple.com/library/prerelease/ios/documentation/General/Conceptual/AppSearch/UniversalLinks.html
We have a web application that supports Facebook and Twitter login/signup via oAuth (and can also post to FB/TW). Now we are building a mobile client and naturally we want people to be able to login-signup via FB-Twitter on mobile as well, on iOS even using system-integrated accounts.
Now mobile app and our server app are two different apps, however, and if I get oAuth correctly, we'll need to have two authentications: one for a mobile client (system account can be used), another one for a server (we'll have to show WebView for it).
Yet some existing apps seem to be fine with single authentication only (e.g. Flickr and Foursquare! At least 4sq seems to be fine with iOS system FB account only. How is it possible?
Do they share consumer key/secret between mobile and web app making it essentially the same app?
Do they use some FB-specific extension to oAuth
Do they only use auth token wherever it comes from making it a user ID?
Something completely different?
Old question, but this may help someone who finds their way here.
Twitter Reverse Auth