ASWebAuthenticationSession + https iOS <17.4

Hi everyone,

I am trying to use ASWebAuthenticationSession to authorize a user using OAuth2.

Service Webcredentials is set.

/.well-known/apple-app-site-association file is set.

When using the API for iOS > 17.4 with the new init with callback: .https(...), everything works as expected; however, I cannot make .init(url: ,callbackURLScheme: ....) work.

How can I intercept the callback using iOS <17.4?

Do I really need to use universal links?

callbackURL = https://mydomain.com/auth/callback

Answered by Systems Engineer in 833672022

If you want a callback URL that starts with https, you must use the .https(...) callback type, which is only available on iOS 17.4 and later. Prior to this, ASWebAuthenticationSession required the use of a custom scheme (i.e. a scheme that's not http/https). For example, your callback URL in that case might look like myapp://auth/callback.

Some services may warn against using custom schemes, as they may have security difficulties on some platforms. This is because, unlike https callbacks, any app could claim the myapp:// scheme, potentially resulting in your auth callback going to the wrong app. However, ASWebAuthenticationSession was specifically built to mitigate this concern, ensuring only your app will receive callbacks for that scheme when it's opened via ASWebAuthenticationSession.
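An added example (not from the original thread and not Apple's sample code) of selecting the callback type by OS version as the answer describes. The `OAuthLogin` type, the `auth.example.com` endpoint, the client id placeholder and the `state` check are assumptions, and the authorization server is assumed to have both redirect URIs registered.

```swift
import AuthenticationServices

enum LoginError: Error { case noCallback, invalidCallback, notStarted }

final class OAuthLogin: NSObject, ASWebAuthenticationPresentationContextProviding {
    private let anchor: ASPresentationAnchor
    private var session: ASWebAuthenticationSession?  // strong reference while the sheet is shown

    init(anchor: ASPresentationAnchor) { self.anchor = anchor }

    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor { anchor }

    func start(completion: @escaping (Result<String, Error>) -> Void) {
        let state = UUID().uuidString  // per-request value the server echoes back
        // Assumption: both redirect URIs are registered with the authorization server.
        let redirectURI: String
        if #available(iOS 17.4, *) { redirectURI = "https://mydomain.com/auth/callback" }
        else { redirectURI = "myapp://auth/callback" }

        // Placeholder endpoint and client id.
        var components = URLComponents(string: "https://auth.example.com/authorize")!
        components.queryItems = [
            URLQueryItem(name: "response_type", value: "code"),
            URLQueryItem(name: "client_id", value: "CLIENT_ID_PLACEHOLDER"),
            URLQueryItem(name: "redirect_uri", value: redirectURI),
            URLQueryItem(name: "state", value: state),
        ]
        let handler: ASWebAuthenticationSession.CompletionHandler = { callbackURL, error in
            guard let callbackURL else { return completion(.failure(error ?? LoginError.noCallback)) }
            let items = URLComponents(url: callbackURL, resolvingAgainstBaseURL: false)?.queryItems ?? []
            // Reject callbacks whose state does not match this request.
            guard items.first(where: { $0.name == "state" })?.value == state,
                  let code = items.first(where: { $0.name == "code" })?.value
            else { return completion(.failure(LoginError.invalidCallback)) }
            completion(.success(code))
        }
        let session: ASWebAuthenticationSession
        if #available(iOS 17.4, *) {
            session = ASWebAuthenticationSession(
                url: components.url!, callback: .https(host: "mydomain.com", path: "/auth/callback"),
                completionHandler: handler)
        } else {
            session = ASWebAuthenticationSession(
                url: components.url!, callbackURLScheme: "myapp", completionHandler: handler)
        }
        session.presentationContextProvider = self
        self.session = session
        if !session.start() { completion(.failure(LoginError.notStarted)) }
    }
}
```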
