6

I'm using AppAuth-iOS for SSO. Everything works just fine on the ios 11 simulators and SSO (cookies sharing) doesn't work on the real devices running 11.0.0, 11.0.1, 11.0.2. So is the SFAuthenticationSession broken and is there any known workaround?

Nik Yekimov
  • 2,657
  • 2
  • 24
  • 34
  • Did you ever get this resolved? I am seeing the same behavior on 11.2.5. – Locksleyu Jan 30 '18 at 17:56
  • 1
    I am also facing the same problem. After [telomere](https://stackoverflow.com/users/4635240/telomere) comment I did check cookies and found there is no expiration date and cookie automatically get session only parameter. After you close session cookie will be deleted automatically. – canister_exister Sep 28 '18 at 14:55

1 Answers1

5

I am also facing the same issue and based on my tests and research, yes it is broken. SFAuthenticationSessions remember the cookies on a single application run, but not after the application has restarted or between multiple apps (= SSO). I have done a series of tests with iOS 11.1 beta 1 and Xcode 9.1 beta 1 with following results:

  1. Using the SFAuthenticationSession to do an initial login, and during the same application run, using another SFAuthenticationSession to check if login is still valid (based on cookies). This works OK.
  2. Restarting the application and then trying to check the session state will not work, indicating that the cookies are not persisted.
  3. Using the system Safari (with UIApplication.shared.openURL) to do the login and using SFAuthenticationSession afterwards to check the login state. This also does not work. Cookies are not shared between Safari and SFAuthenticationSession.
  4. Used the system Safari both both login and session checking works, even between multiple application runs. As expected, Safari still remembers its own cookies. But they are not shared.

The other complaint I have with SFAuthenticationSession is that is uses the project target name and not the application name for its popup dialog.

The only ongoing discussion I could find about this is in this Twitter post: https://twitter.com/rmondello/status/887434621989789696. I have also filed a bug report but no updates on it since September 5th.

Antti Laitinen
  • 51
  • 1
  • Any update on this? I am still seeing this behavior on 11.2.5. – Locksleyu Jan 30 '18 at 17:55
  • 4
    We've been doing some tests with your example app as we are facing a very similar issue. It appears that SFAuthenticationSession cannot access cookies set in Safari if they were session-only cookies. If you create the cookie with a "max-age" and "expires" parameter, it is persisted across app restarts and shared between Safari and SFAuthenticationSession. This was under iOS 11.1.2. Not sure that this is going to resolve your issue but it may provide some insight. – telomere Jan 31 '18 at 08:12