DEV Community

Quick Guide to ASWebAuthenticationSession API Changes in iOS 13

A.J. Kueterman on July 17, 2019

One of the biggest announcements at WWDC 2019 was the new 'Sign In With Apple' feature, where Apple will now provide an authentication email & ...
Collapse
 
mehdis profile image
Mehdi

i have a question, i auth my user with AuthentificationServices but at disconnect, i don't know how to flush the session previously saved, if a user clic on reconnect right back, it will be connected with the previous account that made the disconnection
do you have an idea ?

Collapse
 
robotsquidward profile image
A.J. Kueterman

ASWebAuthenticationSession doesn't maintain your session itself, but it does use session stored in Safari. See this section in the docs:

If the user has already logged into the web service in Safari or other apps using ASWebAuthenticationSession, it’s possible to share the existing login information. The system presents the user with a dialog asking for consent to share login information. If the user cancels the alert, the session is canceled, and the completion handler is called with the error code ASWebAuthenticationSessionError.Code.canceledLogin.

So if you're authenticating to an OAuth service/app and that service maintains a user's session in Safari then you might see it auto-authenticate you without having to re-enter a username/password. This is only an issue if you want to support multiple logins for a single device - more likely to be an issue during your testing than in normal use (in my experience).

iOS let's users opt-out of the auto-login using previous session each time it tries to authenticate them with the previous session, but I'm not sure of an easy way to flush their session on behalf of them every time you try to do an OAuth from your app.

Hope that helps!

Collapse
 
mehdis profile image
Mehdi

Thank you for your kind and detailed answer,
Indeed, maybe my wish to fully disconnect after logout is related to my dev role and I would find this annoying as a user.
I’m still curious if there is a possibility or if it’s intended in the design of ASWebAuthenticationSession

Thread Thread
 
robotsquidward profile image
A.J. Kueterman

You could try prefersEphemeralWebBrowserSession, a new feature in iOS 13, to at least block your web view from sharing session with Safari and be a bit more explicit about making your user login. I'm not sure it speaks to your specific issue, but might be worth exploring.

Collapse
 
alvynfash profile image
Alvyn Fasuyi

Ran into the same issue, what we ended up doing, was instead launching a clear session url which auto redirects to the login each time.

Collapse
 
samulla profile image
samiulla

Hi,
Is there a way to set the modalpresentationstyle to Fullscreen for the aswebauthenticationsession controller?

Collapse
 
robotsquidward profile image
A.J. Kueterman

There might be a way to enforce that for your entire application by writing an extension or swizzling, but I don't think you can set it on the ASWebAuthenticationSession provided modal. Hope that helps.

Collapse
 
uch1 profile image
Uchenna Aguocha

Same here, I'm having issues getting an auth code for the callbackURL. The crazy thing is that the ASWebAuthSession's callback doesn't execute. I've given it a valid url and callbackURLScheme.

Thread Thread
 
rosatp profile image
Rosat Pierre-Yves

Hello, I have the same problem, have you found a solution?

Collapse
 
amitkushvaha profile image
Amit Kushvaha

Hi, I'm having trouble to get the call back in completion handler once response back from the API. can you help me pls?

Thread Thread
 
rosatp profile image
Rosat Pierre-Yves

Hello, I have the same problem, have you found a solution?

Collapse
 
sshraddha96 profile image
Shraddha

I tried ASWebAuthenticationSession mentioned in the above example, the callback handler is not being called. Hence, the web view doesn't dismiss after the authentication is complete.
The same thing I tried with WKWebView. It works fine.
Could you please help me with this?

Collapse
 
robotsquidward profile image
A.J. Kueterman

If you're being authenticated but not routed back it sounds like it could be an issue with the callback URL? Just an initial thought, make sure your callbackUrlScheme is correct.

Collapse
 
rosatp profile image
Rosat Pierre-Yves

Hello, I have the same problem, have you found a solution?

Collapse
 
therealstarone profile image
TheRealStarone • Edited

I am trying to use the Ecobee API, but they want you to use a HTTPS prefixed URL for the callback scheme... "example.com:/auth".
When I try to get the auth token I can login and authorize my app, but it always ends with "cannot find the server..." and all I can do is cancel.

Collapse
 
robotsquidward profile image
A.J. Kueterman

On GitHub (for using the GitHub API) you create an OAuth App that will accept the callback URL scheme and act as your auth server, by handling callbacks and returning a token for access. That's what I did for my implementation. See if Ecobee has a similar setup, otherwise you might have to implement your own auth server.

Collapse
 
rosatp profile image
Rosat Pierre-Yves

I have a question, after successful authentication, the redirect_URI (universal link) is handle by the SceneDelegate Class and don't go back to my initial view controller!

The sign-in screen never dismiss because completionHandler is never called on success.

Do you have an idea or a sample Xcode Project?

Collapse
 
shobhit profile image
Shobhit Puri

@rosatp Were you able to get this working?

Collapse
 
mkatnam profile image
mkatnam

@ajkueterman,

i have implemented the ASWebAuthenticationSession as you said in example but somehow its not working, could you please share the sample project to login OAuth.

Thanks in advance.

Collapse
 
robotsquidward profile image
A.J. Kueterman

Unfortunately I don't have any open source apps that are using the modern ASWebAuthenticationSession flow. I'll see if I can't put something together soon, but for now if you have specific questions I can try to help.