Is there a way to know if there is a cookie available before showing the SFAuthenticationSession prompt

Question

On iOS 11, Apple introduced a new way to share auth data between the web and a Mobile App with SFAuthenticationSession.

It would be a bad user experience to show the SFAuthenticationSession prompt to every new users - that might have never used my website - to have them agree and then get nothing out of it and have ask them to login.

The documentation is pretty empty on Apple side. This is the only example I found.

Is there a way to know if there is a cookie available before showing the SFAuthenticationSession prompt? Or maybe, with the Associated Domains enabled, when authenticating with my domain, the system should not show the prompt?

Answer 1

No. Even if there aren't cookies, the user can login entering his username/password and then clicking on "Login"/"Enter" on the website (E.g: Facebook, Instagram).

Accessing the cookies won't be enabled:

When the webpage is presented, it runs in a separate process, so the user and web service are guaranteed that the app has no way to gain access to the user’s credentials. Instead, the app gets a unique authentication token. Official docs

Working example for Instagram-OAuth: https://github.com/dvdhpkns/SFAuthenticationSession-Instagram-Oauth

And the GitHub repo you added was posted by the author to send a bug report about errors in cookie sharing for local servers (rdar://33418129. Original tweet)

Are cookies shared between Safari and SFAuthenticationSession? @DVDHPKNS

They’re supposed to be shared, but we have some timing bugs right now. Please do file bugs about what you’re seeing. @rmondello (Apple employee)

P.S: They added more information to the docs since your original post date.