A demo showing how you can auto-login users to an iOS app using SafariViewController (on iOS 9) and SFAuthenticationSession (on iOS 11)
This demo shows how you can automatically log in users to your iOS app after they install it based on cookies previously set in Safari. The idea is that if you have a way of logging them in somewhere in the browser before they download your app, or they have previously logged in to your webapp before installing it, you can automatically recognize them without them having to go through an in-app login flow and enter the same login info again.
This project was inspired by this article by LaunchKit.
== UPDATE 2017 ==
The original approach doesn't work anymore - some people of course had to use it for evil purposes (surprise surprise) and Apple has changed a few things:
the App Store Review Guidelines (5.1.1) now specifically say that:
SafariViewContoller must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SafariViewController to track users without their knowledge and consent.
since iOS 10, SafariViewController doesn't seem to load at all when alpha is set to 0
since iOS 11, SafariViewController uses a separate cookie storage from Safari, so even if you manage to make it load, it won't recognize you
Possible alternatives:
I've added support for SFAuthenticationSession
in the app - you can launch it by tapping the "Authenticate" button. It's actually pretty nice and the result is very similar to the old approach, except you get a popup first where you have to confirm access and then you see the SVC slide up and down.
Here's how it looks:
It's actually pretty simple:
SFSafariViewController
at startup and tells it to load a special page in your webapp that automatically redirects back to your app using a custom URL scheme (you can only pass something back to your app with a redirect, since the app has no direct access to the contents of the Safari View Controller)modalPresentationStyle
to .OverCurrentContext
and its view's alpha
to 0
svclogintest://name/yournamehere
; that triggers the callback application(handleOpenURL:)
in the application delegate, which notifies the view controller about it through an NSNotification
So this way you can remember the user between app installations and even before it's installed for the first time, as long as you control the site which sets the cookies and can make it redirect to the custom URL, and as long as the user doesn't clear the cookies in Safari. (I've seen an issue though where even after clearing the cookies the SVC was still seeing them, even though Safari didn't - might be a bug in the beta?)
For the new 2017 version using SFAuthenticationSession
:
SFAuthenticationSession
and saves it in an instance variable (otherwise the popup disappears immediately)start()
callbackURLScheme
is for, since it seems to work just fine regardless what you put there?application(handleOpenURL:)
, if not, you get an error objectdownload or clone the project
in a terminal, go into the project's directory and start an HTTP server in that folder:
python -m SimpleHTTPServer
open the project in Xcode 7
build & run
to log in & out, go to http://localhost:8000
in Safari in the simulator and use the form to update the name
Created by Kuba Suder, licensed under WTFPL license.
If you have any suggestions or comments, please let me know via Twitter @kuba_suder, email or GitHub issues.
Note: please don't use this for any evil purposes 🙏