ASWebAuthenticationSession Support?

[xcskier56]

Description

Does this plugin support using ASWebAuthenticationSession? I know that OauthSwift, which this plugin is using does, but in my testing, it seems that a regular Safari View is used instead of the ASWebauthenticationSession. I'm a web dev so only moderately understand the swift code, but it appears to me that a SafariURLHandler is being used instead of the ASWebauthenticationSession. Is this the case?

[phal0r]

What is the advantage of ASWebAuthenticationSession @xcskier56 ?

[moberwasserlechner]

I for my part can not answer this question either.

@xcskier56 please explain the advantages of ASWebAuthenticationSession.

I keep this issue open a few days and close it afterwards if there is no feedback.

BR

[phal0r]

I did some investigation and ASWebAuthenticationSession should be used as it is more secure and provides better usability by sharing cookies and password autocompletion.

See: https://authguidance.com/2020/02/22/ios-code-sample-overview/

Also, I think it is correct, that OauthSwift has support for ASWebAuthenticationSession and this should be the default way to initialize a OAuth2/OIDC Login.

Can this somehow be made configurable @moberwasserlechner ?

[doublechecker]

Hey there. This is quite important because we already had some trouble with Apple App Review. Sometimes they reject our app because we do not use the desired way of ASWebAuthenticationSession. When ASWebAuthenticationSession is used there is an alert asking the user if the app should open a authentication-session (see screenshot as example). We would really appreciate this feature as it is implemented in the underlying plugin already.

[LucaBlackDragon]

moreover, this feature would allow to achieve Single Sign On between two or more different apps (provided they all talk to the same OIDC provider)

[sampaxk]

I've created a pull request that allows the plugin to support ASWebAuthenticationSession. Here is it: #226

[otrebu]

Just wondering why the PR it is not merged...