openid / AppAuth-iOS

iOS and macOS SDK for communicating with OAuth 2.0 and OpenID Connect providers.
https://openid.github.io/AppAuth-iOS
Apache License 2.0

Inconsistent SSO in iOS 11 #227

Open NCCoE opened 6 years ago

NCCoE commented 6 years ago

AppAuth uses SFAuthenticationSession to achieve SSO in iOS 11. This is the Apple supported way of implementing SSO on iOS 11.0+. Unfortunately, SFAuthenticationSession seems to be buggy, and SSO does not work consistently (https://twitter.com/rmondello/status/887434621989789696).

I am seeing the same behavior as reported in https://github.com/openid/AppAuth-iOS/issues/186.

Steps to reproduce bug:

Set Up

  1. Clone AppAuth from GitHub.
  2. Navigate to Examples > Example-iOS_Swift-Carthage. Run carthage bootstrap and launch Example.xcodeproj.
  3. Change the bundle identifier to be unique and create a project in Google Developer Console, going through the steps to create credentials for OAuth.
  4. Change the kIssuer, kClientID, and kRedirectURI strings in the example code appropriately using the client ID string generated in the Google Developer Console.
  5. Add the scheme of the redirectURI to the info.plist URL Schemes.
  6. Repeat steps 1 – 5 using a different bundle identifier for the second project.

Testing

  1. Install both apps on a test device running iOS 11.0+.
  2. In the Settings app, find Safari and press the “Clear History and Website Data” button.
  3. Open the first app and press the “1. Auto” button and press “Continue” on the pop-up option.
  4. Sign in using a Google account.
  5. Open the second app and press the “1. Auto” button and press “Continue” on the pop-up option.

Expected Behavior

When the sign in page pops up in the second app, a page displaying the message “Choose an account” is shown with the account you just signed in with in a list. When you select the account, you are redirected back to the app and don’t have to type the password, having successfully signed in using SSO.

Actual Behavior

When the sign in page pops up in the second app, behavior is inconsistent. Sometimes it has the expected behavior and SSO works. Other times the sign in page pops up as if you never signed in before, and you have to reauthenticate in the second app.

jeffwi commented 6 years ago

Has anyone logged an issue with Apple, and if so have they got any feedback from Apple on this?

sandronoel commented 6 years ago

I have the same behavior but the page is completely blank.