Authentication Services uses Safari when it is not the default browser and fails the flow anyway

We are developing an app that uses Authentication Services to authenticate users. According to the documentation, this framework will open the default web browser if it supports auth session handling, and Safari otherwise. This is not entirely true, and users will be frustrated!

macOS version: Sequoia 15.5; Safari version: 18.5.

When:

  • The default browser is not Safari, and supports auth session handling (Google Chrome and Microsoft Edge as examples); and -
  • The Safari app is already running;

The auth flow will:

  • Present the confirmation dialog box with the default browser icon. Good!
  • Open a Safari window, instead of the default browser's one. Bad!
  • Respond with "User Cancelled" error to the app, after making the end user believe the auth was good. Very Bad!!

If the app retries the auth session, the default browser window will open as expected, and it will work as expected. However, requiring users to authenticate twice is a very bad users experience...

This issue does not reproduce, when either:

  • Safari is not running at the moment of auth session start;
  • The default browser does not support auth session handling; or -
  • Safari is the default browser.

Fellow developers, be warned!

Apple engineers, feedback #18426939 is waiting for you.

Cheers!

Authentication Services uses Safari when it is not the default browser and fails the flow anyway
 
 
Q