For a project I have to implement a particular authentication system.
The authentication mechanism uses several external sites. Here is the sequence of screens:
- My application launches the Safari browser to initialize the connection on our oAuth2 server;
- then it is redirected to a site (https://csam.be/fr/index.html) to authenticate the Belgian citizen, it is offers different possibility of authentication (via Belgian identity card or via an application " It’sMe ")
- the chosen citizen “it’sme (https://www.itsme.be)” which opens automatically on his iPhone and the citizen enters his pin code;
- the application “itsme” reopens Safari to complete the authentication on the site “csam” then redirects to our server oAuth2;
- our servers oAuth2 redirects to the URL “customMyApp://” with an authorization code to reopen the application which ends the authentication in exchange for the authorization code against a Token.
But Apple refuses because “We noticed that the user is taken to Safari to sign in or register for an account, which provides a poor user experience.”
I tried using Safari View Controlle with the BrowserTab plugin but since iOS Safari View Controlle and Safari do not share their session cookies.
We use oAuth2 authentication with the Authorization code flow. If we use the Safari View Controller API for step 1 and 2 when “itsme” opens Safari in step 4 the session is lost because the sessions between Safari View Controller API and Safari aren’t shared.
I tried to update the BrowserTab plugin with SFAuthenticationSession. (Https://github.com/Qbix/cordova-plugin-browsertab).
But SFAuthenticationSession is deprecated (https://developer.apple.com/documentation/safariservices/sfauthenticationsession) And it did not work.
I have not tried with ASWebAuthenticationSession (https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) because I saw that all cookies, except session cookies, can be shared with Safari.
Do you have an idea to share a session between Safari View Controller and Safari browser? I can’t find any solution