aws-amplify / amplify-swift

A declarative library for application development using cloud services.
Apache License 2.0
438 stars, 190 forks

Enable Keychain Sharing for App Extensions #2508

Open bdhazman opened 1 year ago

bdhazman commented 1 year ago

Is your feature request related to a problem? Please describe.

Amplify manages user authentication and credentials but while Amplify functionality (including authentication) can be used in App Extensions such as Share Extensions, authentication sessions are not shared between apps and their app extensions. This is a problem for developers who want to use the Amplify library for managing iOS authentication to their services but also build software that extends the functionality of their application with app extensions. (examples of feature request: 1, 2)

Describe the solution you'd like

An ideal solution is allowing for cross-app authentication by taking advantage of Apple's 'shared keychain' through keychain access groups in a manner similar to how Firebase does. Allowing developers to choose the keychain group their application uses would allow them to support cross-app authentication including App Extensions.

Amplify already relies on iOS's keychain so implementing this change would be a matter of making changes to how Amplify accesses and writes credentials to the system's keychain.

Making this change would give developers the opportunity to build suites of apps that require only one log in and extend functionality of their apps through deeper iOS integration with extensions such as Share Extensions and widgets.

Describe alternatives you've considered

Alternatives to this feature can result in poor user experiences or less secure workarounds.

I am open to hearing any other suggested alternatives for accessing existing authentication sessions in extensions of apps.

Is the feature request related to any of the existing Amplify categories?

Auth

Additional context

I am happy to provide contributions similar to what has been done here in order to build this feature into Amplify's Swift/iOS library.

cobywinfield commented 1 year ago

+1

github-actions[bot] commented 1 year ago

This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!

royjit commented 1 year ago

We are looking into this internally and will get back to you when we have more information.

ekurutepe commented 1 year ago

Is there any update on this one? We'd like to have a secure way to share the Auth tokens between our app and share extension as well.

ekurutepe commented 1 year ago

I added support for this in the PR above ^^^

harsh62 commented 1 year ago

@ekurutepe Thanks for your contribution. Sorry for the delay. I left a comment on #2770

royjit commented 1 year ago

The PR requires a detailed review and design; the Amplify team will update here when we move forward with this.

julianworden commented 1 year ago

I wanted to make a note about this feature request since this is something that I've been struggling a lot with figuring out over the course of the last few days. I understand that this feature is in development (which is great!), but I'm hoping that when this feature is implemented it'll also include support for anybody who's signed in via Apple, Google, etc.

Managing the auth session between a main app and app extension when someone is signed in with a username and password is pretty easy already (even though it's undocumented in the Amplify docs) and seems secure enough to me. Save the username and password as a keychain item, look for it in the extension, sign in via the extension with the password and username stored in the keychain, and that's it. However, this workflow is impossible when the user is signed in via an external provider because the password and username are not accessible.

When the user signs in via an external provider, it does create keychain items, but as far as I can tell none of these keychain items include the user's password and username, which makes them useless for the purpose of signing in via an app extension.

This might've gone without saying, but I didn't see anybody mention it above so I thought it was worth throwing it out there. Thanks!
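The mechanism the issue asks for, shown as an added example that is not amplify-swift code and does not touch Amplify's own credential store: a small Swift wrapper over the Security framework that writes and reads a generic-password item in a keychain access group, so an app and its Share Extension see the same item instead of the per-app items julianworden describes. The Team ID "ABCDE12345", the group identifier "com.example.shared", the service name and the account name are placeholders; every target that reads or writes the item must list the group under its keychain-access-groups entitlement, otherwise the Security calls fail with errSecMissingEntitlement (-34018).

```swift
import Foundation
import Security

/// Added example, not amplify-swift code. Stores and retrieves a credential blob in a
/// keychain access group shared between an app and its extensions.
///
/// Assumed (placeholders, not from the issue): Team ID "ABCDE12345", group identifier
/// "com.example.shared", and this entitlement on every participating target:
///   <key>keychain-access-groups</key>
///   <array><string>$(AppIdentifierPrefix)com.example.shared</string></array>
struct SharedKeychain {
    enum KeychainError: Error {
        case notFound
        case missingEntitlement          // errSecMissingEntitlement (-34018)
        case unexpectedStatus(OSStatus)
    }

    /// Full access group name: "<Team ID>.<group identifier>".
    let accessGroup: String
    /// kSecAttrService namespaces the items so they do not collide with other keychain users.
    let service: String

    init(accessGroup: String = "ABCDE12345.com.example.shared",
         service: String = "com.example.sharedAuth") {
        self.accessGroup = accessGroup
        self.service = service
    }

    /// Attributes that identify one item: class, service, account and access group.
    private func baseQuery(account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account,
         kSecAttrAccessGroup as String: accessGroup]
    }

    private func check(_ status: OSStatus) throws {
        switch status {
        case errSecSuccess: return
        case errSecItemNotFound: throw KeychainError.notFound
        case errSecMissingEntitlement: throw KeychainError.missingEntitlement
        default: throw KeychainError.unexpectedStatus(status)
        }
    }

    /// Insert the item, or update its value if it already exists.
    func save(_ data: Data, account: String) throws {
        var attributes = baseQuery(account: account)
        attributes[kSecValueData as String] = data
        // Readable after the first unlock (an extension may run without the app in the
        // foreground) but never migrated to another device via backup or iCloud Keychain.
        attributes[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        let status = SecItemAdd(attributes as CFDictionary, nil)
        if status == errSecDuplicateItem {
            let update: [String: Any] = [kSecValueData as String: data]
            try check(SecItemUpdate(baseQuery(account: account) as CFDictionary, update as CFDictionary))
            return
        }
        try check(status)
    }

    /// Read the item; works from any target entitled to the same access group.
    func load(account: String) throws -> Data {
        var query = baseQuery(account: account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        try check(SecItemCopyMatching(query as CFDictionary, &result))
        guard let data = result as? Data else { throw KeychainError.unexpectedStatus(errSecDecode) }
        return data
    }

    /// Remove the item; a missing item is not an error on sign-out.
    func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account: account) as CFDictionary)
        if status != errSecItemNotFound { try check(status) }
    }
}

// Usage in the main app after a successful sign-in (the session blob is constructed here):
let keychain = SharedKeychain()
let sessionBlob = Data("constructed-session-token".utf8)
do {
    try keychain.save(sessionBlob, account: "currentUser")
} catch {
    print("save failed: \(error)")
}

// Usage in the Share Extension, which is entitled to the same group:
do {
    let restored = try keychain.load(account: "currentUser")
    print(String(decoding: restored, as: UTF8.self))
} catch SharedKeychain.KeychainError.notFound {
    print("no shared session; ask the user to sign in from the main app")
} catch {
    print("keychain read failed: \(error)")
}
```

What goes in the item matters as much as where it lives: the thread's request is to share the auth session, so the blob should be the session or refresh tokens the app already holds, not a copy of the user's password as in the username/password workaround above (which also cannot work for federated sign-in, where no password exists). A `missingEntitlement` error in the extension means that target's entitlements do not include the group. Call `delete` on sign-out so the extension stops seeing a session the app has discarded.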

harsh62 commented 1 year ago

> I wanted to make a note about this feature request since this is something that I've been struggling a lot with figuring out over the course of the last few days. I understand that this feature is in development (which is great!), but I'm hoping that when this feature is implemented it'll also include support for anybody who's signed in via Apple, Google, etc.
>
> Managing the auth session between a main app and app extension when someone is signed in with a username and password is pretty easy already (even though it's undocumented in the Amplify docs) and seems secure enough to me. Save the username and password as a keychain item, look for it in the extension, sign in via the extension with the password and username stored in the keychain, and that's it. However, this workflow is impossible when the user is signed in via an external provider because the password and username are not accessible.
>
> When the user signs in via an external provider, it does create keychain items, but as far as I can tell none of these keychain items include the user's password and username, which makes them useless for the purpose of signing in via an app extension.
>
> This might've gone without saying, but I didn't see anybody mention it above so I thought it was worth throwing it out there. Thanks!

@julianworden Thanks for your detailed analysis. We will definitely take this information into account. Appreciate the effort.

garrettmoon commented 3 months ago

We'd also really like to see this enabled!

kuserhii commented 2 months ago

Do you plan to implement it?