Login with Apple using the Hosted UI can end up in a blank webview

[didia]

Describe the bug When a user cancel a log in with apple, he is left with an empty webview. He will need to cancel that web view in order to keep using the app. Apple just rejected our App submission today because of this behavior.

To Reproduce Steps to reproduce the behavior:

1. Make sure you have an app with Sign in with Apple through the Hosted UI
2. Make sure you are logged in with your apple id on your apple device
3. Click on Log in with Apple
4. Because you are connected on your device, A native popup will appear asking you if you want to use your apple id to connect to the app.
5. Cancel the native popup or click outside of it
6. You will remain with a blank page and nothing else going on. Unless you cancel the webview, you will be stuck there.

Expected behavior After cancelling the native popup, it should also close the webView and redirect to the app with the error message. If that's not possible, at least it should show a message saying the log in has been cancelled instead of blank page.

Screenshots Login	After Button Click	After Cancel

Environment(please complete the following information):

• Amplify Framework Version: Latest
• Dependency Manager: CocoaPods

Device Information (please complete the following information):

• Device: All iPhones
• iOS Version: All Supported versions

[palpatim]

We need to understand how the initial webview (launched to appleid.apple.com) is redirected back to Website name.

Is Website name a default value provided by the iOS auth system? If so, we need to ask Apple how to add content to that page.

Or maybe Website name is a customer-supplied (or default Cognito-supplied) value from the HostedUI configuration? If so, we need to work with Cognito to understand how that redirect flow happens and see if the customer has the option of adding content.

[palpatim]

To recap the behavior: Given an app invokes HostedUI with a specific authentication provider (i.e., using Amplify.Auth.signInWithWebUI(for:presentationAnchor:options:listener:)), when a User dismisses the Sign in with Apple (SIWA) native "action sheet" without signing in, then they see a blank screen with a "Cancel" button on it. Only by tapping that "Cancel" button are they returned to the host app.

It looks like iOS launches the webview when Amplify invokes ASWebAuthenticationSession.init(url:callbackURLScheme:completionHandler:), to be loaded with content from the URL passed to that init method. However, Cognito immediately issues an HTTP 302 redirect to appleid.apple.com, without displaying any content. iOS appears to intercept the request to appleid.apple.com, and displays a native SIWA sheet; but does not dismiss the webview if the User cancels the SIWA native "action sheet".

We don't have any immediate workarounds for this, and nothing at all we can think to do on the client side. We're considering next steps, and will update this ticket as we get more information.

[didia]

Thank you for the update!

[pareshios]

Getting same issue Webview presented by AWS Amplify.Auth.signInWithWebUI does not dismiss on cancel.

Please help

[mdidon]

Issue is still present

[JJANGSOON]

Hello. We have same issue. How did you resolve this problem?

[harsh62]

Unfortunately we are not able to provide a timeline but rest assured our team is actively prioritizing and working on issues. We are in contact with the Cognito service team to get this prioritized and we will provide an update as soon as we can.