Search code examples
iosnsurlconnectionnsurlcredentialnsurlcredentialstorage

How to Share NSURLConnection credentials with Safari?


I'm trying to intercept link and login a user, then send them on to Safari and have the page load with no authentication request.

So, what I'm doing so far...

I register a custom URL scheme for my app. Call it "myhttp". Now someone clicks on a link (say from an email) of myhttp://secured.com/foo and my app runs. The apps pulls the user's credentials from somewhere and makes a call to the real URL with an NSURLConnection. The NSURLConectionDelegate implements connection:didReceiveAuthenticationChallenge and I navigate through the security layer fine. Next I try loading the same url using the UIApplication openURL method to bring up Safari, but I still get an authentication check.

I thought this would work because I read the follow in the Apple documentation.

Credentials stored in persistent storage are kept in the user’s keychain and shared among all apps.

And when I check the NSURLCredentialStorage I can see the credentials I just used stored there with the correct information, protection space, scheme, etc, but clearly I'm doing something wrong or I wouldn't be getting an authentication challenge when I switch to Safari.

So the question is, did I just screw up somewhere along the line, forget some important bit or am I going about this the wrong way?


Solution

  • This wasn't possible before iOS 8, but is now with the Shared Web Credentials feature.

    Add a com.apple.developer.associated-domains entitlement to your app. This entitlement must include all the domains with which you want to share credentials.

    Add an apple-app-site-association file to your website. This file must include application identifiers for all the apps with which the site wants to share credentials, and it must be properly signed.

    When the app is installed, the system downloads and verifies the site association file for each of its associated domains. If the verification is successful, the app is associated with the domain.

    An app can share credentials with any associated domains by calling SecAddSharedWebCredential and SecRequestSharedWebCredential.