Clever / ios-sdk

Clever iOS SDK
Apache License 2.0

Use SFSafariViewController instead of redirect to Safari #28

Open Dimillian opened 3 years ago

Dimillian commented 3 years ago

Hello,

My app updates are starting to get rejected because Clever redirects to Safari instead of presenting an in-app SFSafariViewController. Is it planned to update the SDK and add support for SFSafariViewController?

Thanks!

arthurdarcet commented 3 years ago

This is quite a serious issue: Apple is now refusing any update for an app that is using the Clever SDK.

The auth options are:

A. Redirecting to Safari with an OAuth redirect URI in http://…, then redirecting back to the app using universal links to intercept this http URL. This is not authorised by Apple at this point.

B. Opening an SFSafariViewController: this isn't possible because universal links are not supported by this view. The way all other authentication SDKs work is by using a custom-scheme:// redirect URL. This is not possible here because Clever forbids non-http redirect URLs.

C. Using a WKWebView: ~this means the user will not have access to their password manager and will need to input their Clever credentials from scratch every time they sign in.~ Auto-complete is disabled in this webview, so the user has to manually select their credentials in the password manager. An existing auth session in Safari is also not shared, of course. Not ideal.

Edit: option C still gives access to the password manager, so it's kind of a valid workaround here. The issue still stands however: we had to remove the Clever SDK from our app until this is fixed.

Allowing custom scheme redirect URLs would be a much better solution for the end user.