We are experiencing an issue with session sharing on iOS and would appreciate your guidance.
We operate and control our own OpenID Connect (OIDC) server.
Our iOS application uses ASWebAuthenticationSession to authenticate users.
We're unable to get the authentication session to be shared between the Safari app and the app's ASWebAuthenticationSession. This results in users having to re-authenticate despite being logged in via Safari.
We've attempted various configurations related to cookie SameSite settings. These adjustments resolved the session sharing issue on Android using Chrome Custom Tabs.
However, no changes we've tried have enabled session sharing to work as expected on iOS.
According to documentation from Apple, Microsoft, Okta, and Auth0, session sharing between Safari and ASWebAuthenticationSession should work.
Question:
Are there any additional settings, configurations, or platform limitations we should be aware of that could impact session sharing on iOS? Where else can we look to resolve this issue?