How whole captive networks and CNSetSupportedSSIDs works?

Question

I read documentation and it says:

By calling the CNSetSupportedSSIDs function, an application can register a list of wireless network SSIDs with Captive Network Support, thereby assuming responsibility for authenticating with those networks. Typically when a user joins a captive network, Captive Network Support provides a web sheet that allows the user to authenticate with the network. If an application has registered the SSID of the captive network, however, the web sheet is suppressed, and the user can complete authentication in the appropriate application

What does "user can complete authentication in the appropriate application' mean exactly?

• Should a user launch this app to authenticate? If so, will a user be notified somehow, that he/she should do it?
• Will iOS launch this app, so a user can authenticate?
• Will the app receive some callback?

I am particularly interested in how it should work, if one application has registered to handle capture network and another is trying to access the web, when a user isn't authenticated yet.

Answer 1

It looks like public API doesn't do too much for you. It supress the message, but a user should manually launch another app to login.

However, there is a special entitlement "com.apple.developer.CaptiveNetworkPlugin" which gives you possibility to use bunch of private API's in CaptiveNetwork framework to build a real captive plugin. Some companies work with Apple to do this (https://devforums.apple.com/message/792112#792112). However, it's not a broadly available API.

BTW. Here is some additional information from a guy who reverse engineered one of such apps: http://kalapun.com/posts/reverse-engineering-ios-app/