In iOS 11 they have introduced password autofill which fills the username and password in iOS app like the same way it does in Safari, User goes to website first, logged in save the username and password in keychain and then open app were the fields are automatically populated, the username and password
can it be implemented in other ways, like I logged in the app first and then while going on the website through Safari it automatically fills the username and password?
Is there any documentation or articles regarding it?
Editing My Answer:
Looks like it is possible to do so. The same kind of association we can see in SharedWebCredentials which is released in iOS8. Using SharedWebCredentials doing in both ways is possible. From app to website and website to app. Assuming Password autofill in iOS11 has done on top of this.
Here is how the association will happen.
We have entitlement certificate for an app where we will provide domain to be linked with. Then we have a website where we will hold information in JSON format related to that website. In that JSON, you have to put your bundle identifier. So when the user saves this passwords and logs in through app. Then the app entitlement file will provide the web address to safari. Safari will bring that JSON file and validate the bundle identifier is same or not. If validation success it will populate username and password.
For more info: Password Autofill in iOS 11
I asked about this at the developer labs at WWDC and was informed that it's possible. The key is that the new password autofill is based on the existing Shared Web Credentials API, which works both ways. If you use that API to save credentials from your app, they'll be available in Mobile Safari. Shared Web Credentials was the topic of a 2014 WWDC session.
I haven't tried it yet, but based on the source I'm pretty confident that it should work.
Related
I am working on a NativeScript iOS app. The app has a login page which requires users to login before they can use the app. I just wanted to add more convenience for the users to not have to type in the username and password everytime. So, I added the nativescript-fingerprint-auth plugin to enable touch/face id, which is working fine.
Now, I also wanted the app to provide an option to save the password to Keychain on the initial login and provide an option to autofill the password in the next login. Much like shown in the screenshot. So any kind of information regarding this would be helpful.
Thank you in advance!
img source
I'm trying to link our iOS app to our website with Lastpass. For most sites/apps, Lastpass will filter your list of passwords to the ones that match the app you're trying to log into. For example, if you have a password for mysite.com in LP, if you open up the mysite.com iOS app, the list of passwords will be filtered to the one for mysite.com.
Our app does not filter. When we tap the password field, all available passwords show up and we have to navigate to the password for our website to autofill. We would like this to work like it does for other app/site combos.
I have already deployed the app association file to my website and added the Entitlements to the app (applinks and webcredentials) but it still doesn't work. Any thoughts?
Did you add the site to your app's Associated Domains Entitlement? You need to do that in addition to adding the Apple App Site Association file to your site which you said you've done already.
Documentation here: https://developer.apple.com/documentation/security/password_autofill/about_the_password_autofill_workflow
I am setting up iOS Autofill Password in my app, and I followed all the guidelines in this tutorial https://medium.com/developerinsider/ios12-password-autofill-automatic-strong-password-and-security-code-autofill-6e7db8da1810. If I have a manually saved password in the keychain for the app's website, it gives me the option to autofill it on login.
However, when the credentials are not saved, the app does not prompt me to save them on login.
My username and password textfields are with correct content types (just like in your tutorial), I have the apple-app-site-association file configured properly, and the associated domains as well.
I don't understand what I am missing.
You didn't put any log about that. But the AutoFill feature has some tricks that need attention as describe on Robots & Pencils and other question in stack overflow
One attention point if you update the apple-app-site-association remove the app from your device and install again because the app store the last version as a cache.
Verify the TEAM ID on apps in apple-app-site-association because many get confused with the signing id from your account.
Known issue:
[AutoFill] Cannot show Automatic Strong Passwords for app bundleID: app.bundle.id due to error: iCloud Keychain is disabled
Do you need check on your macOS on Internet Account -> iCloud -> Keychain is enabled and verify in your idevice if the feature is enabled on Settings -> Apple ID -> iCloud -> Keychain is On
In the other case if you followed the tutorial correctly it will be working
I had the same problem. In my case the issue was that I was clearing the username and password text fields after successful authentication before pushing my next view. Apple's heuristics seem to require the text fields with .username and .password content types to be populated when the view disappears.
I was having same problem. I did all the setup which recommended by Apple (https://developer.apple.com/documentation/security/password_autofill/about_the_password_autofill_workflow).I had few fields in between UserName and Password field on Signup Screen. But when I put Password field just next to UserName field then Apple popup to save password appearing.
I have the same problem, Because 3 textField in my viewController, usernameTextField,passwordTextField and authcodeTextField.Set passWordTextField.becomeFirstResponder() before release the controller, its work for me
A new iOS app should be able to connect to a web service to sync data across devices.
I like the way the diary app Day One solved this:
On registration the user can choose to use mail address to setup a "real" account or to sign in with his Apple ID
When using the "real" account the mail address has to confirmed and a username and password has to be chosen
When using the Apple ID Sign In no additional steps are needed. The app is connected to the web services using some random user ID
When being installed on a new devices it is no problem to re-connect using the Apple-ID method.
Problem 1: How to access the Apple ID?
As far as I know it is not possible for the app to really to access the Apple-ID. Or is there some undocumented way to do this? How is this possible?
I suspect that the app instead might use iCloud to store some token? The iCloud storage is linked to the Apple-ID, thus when installing on a new devices it would be possible to recover the token from iCloud and use it to reconnect.
Or are there other / better methods?
Problem 2: How to handle the authentication?
Let's set Problem 1 aside and assume that we have solved the problem of creating some cross-device username. How could be handle the authentication?
Solution 1: Only the token (Apple ID / iCloud stored username / etc.) is used for authentication. If a request from the app to the server contains a valid username token access is granted.
Solution 2: In addition to the username token a random password is generated when creating the anonymous account. This could be done on the device or on the server. But since the password has to be known on both ends, it need to be transferred from one end to the other at some point.
2a: Trust in the HTTPS connection and transfer the plain password
2b: Use some other method (e.g. Diffie-Hellman) to agree on a common password
On first sight 2b seems to be the most secure solution but is the really the case? The sync data is not encrypted but "only" trusts in the HTTPS connection. Would it add extra security to transfer the password using another method?
Additionally, does it add extra security to use a "password" at all? This is not a password the user selects for his user selected username but a automatically generated password for a automatically generated username / token.
Would it not be the same to just use the generated username token? Only who has access to the token / Apple ID / iCloud account, etc. can access the web service.
So, which solution is the best? Am I missing something and there are better solutions?
As of iOS 12, Apple provide a SDK for developer to access user Apple ID - with user's consent, obviously. Developer can use AuthenticationService SDK to achieve this. Please read more at the documentation. I'm sure this is how Day One app does what you describe.
I followed this guide:
https://medium.com/developerinsider/ios12-password-autofill-automatic-strong-password-and-security-code-autofill-6e7db8da1810
I created a github page and put the json file in this structure: snguyenevolution1.github.io/.well-known/apple-app-site-association.
I have the file validated here: https://branch.io/resources/aasa-validator/
Here is the entitlement:
There is a saved entry for snguyenevolution1.github.io in keychain. But when I tap on the username/password text field, the quick type row above the keyboard only show Password, not password for snguyenevolution1.github.io.
After tapping on that password and verify my touch ID, it brings up the entire list of all saved password in keychain, and I can literally pick anything from that list. I want it to automatically select the entry like it does in the tutorial.
Could someone please point out what I'm doing wrong? I'm pretty positive that the ids are matched.
Thanks
You should set in entitlement Associated Domains like this applinks:your_domain
References
Support Universal Links in your iOS App
iOS12 - Password AutoFill, Automatic Strong Password, and Security Code AutoFill
Does it do this for all password managers? I use 1Password 7 and it works ok. Look in your accounts and passwords setting and make sure you have a password saved for that specific website.