SFAuthenticationSession isn't sharing cookies on the real devices

Question

I'm using AppAuth-iOS for SSO. Everything works just fine on the ios 11 simulators and SSO (cookies sharing) doesn't work on the real devices running 11.0.0, 11.0.1, 11.0.2. So is the SFAuthenticationSession broken and is there any known workaround?

Answer 1

I am also facing the same issue and based on my tests and research, yes it is broken. SFAuthenticationSessions remember the cookies on a single application run, but not after the application has restarted or between multiple apps (= SSO). I have done a series of tests with iOS 11.1 beta 1 and Xcode 9.1 beta 1 with following results:

1. Using the SFAuthenticationSession to do an initial login, and during the same application run, using another SFAuthenticationSession to check if login is still valid (based on cookies). This works OK.
2. Restarting the application and then trying to check the session state will not work, indicating that the cookies are not persisted.
3. Using the system Safari (with UIApplication.shared.openURL) to do the login and using SFAuthenticationSession afterwards to check the login state. This also does not work. Cookies are not shared between Safari and SFAuthenticationSession.
4. Used the system Safari both both login and session checking works, even between multiple application runs. As expected, Safari still remembers its own cookies. But they are not shared.

The other complaint I have with SFAuthenticationSession is that is uses the project target name and not the application name for its popup dialog.

The only ongoing discussion I could find about this is in this Twitter post: https://twitter.com/rmondello/status/887434621989789696. I have also filed a bug report but no updates on it since September 5th.