IOS associated Domain - Store/autofill password

wadebuildotto · March 10, 2020, 5:23pm

Has anyone been able to get this to work, I added the “Associated Domains” pointed it to my url, “webcredentials:example.com” I have my login form with “username” and “current-password”

I added the “apple-app-site-association” to my “root” as well as the “.well-known”

just no popup to save/store the password
https://developer.apple.com/documentation/security/password_autofill

I am not even seeing anything that xcode is validating the association and if its passed or failed.

banjerluke · March 10, 2020, 7:54pm

I gather you’re talking about a Cordova app. Your server is running on localhost, and that’s what WKWebView is loading, not your .com domain. So this is a way to associate your app with a domain for Apple’s password manager.

I have the same problem, albeit I first noticed it with LastPass. I imagine any password manager would have a hard time with a WKWebView.

Just guessing here, but my thought is that this “Associated Domains” setting (which I can’t find in my Xcode apparently because I need to create a Developer Account first) doesn’t affect what’s inside WKWebView. I’ve found this to be true of other things about WKWebView – like it’s running in its own little sandbox that doesn’t necessarily take on the attributes or entitlements of the parent app.

I’d be interested in a solution to this as well since I’m spoiled by password managers these days and I’d like my app to be compatible with them too.

I wonder if cordova-plugin-app-scope might be a solution?

banjerluke · March 20, 2020, 10:11pm

Update: It works!

It was easy once I figured out what to do. Three steps:

Register an App Id in my Apple Developer Account and add the “Associated Domains” capability.
Add this to mobile-config.js:

let associatedDomainsConfigFor = (file) => `
  <config-file target="${file}" parent="com.apple.developer.associated-domains">
    <array>
      <string>webcredentials:REPLACE_WITH_YOUR_DOMAIN.com</string>
    </array>
  </config-file>`;

App.appendToConfig(`
<platform name="ios">
  ${associatedDomainsConfigFor("*-Debug.plist")}
  ${associatedDomainsConfigFor("*-Release.plist")}
</platform>
`);

Delete the app from iOS device and reinstall it. (I read this was necessary with associated-domains changes.)

And voila. Doesn’t need any cordova plugins.

arcadianz · December 9, 2021, 6:08pm

Just to clarify, are you are now able to:

Use iOS keychain/autofill/3rdParty on your App’s wkWebView login page to fill credentials?
Save your credentials to iOS keychain/auto-fill/3rdParty from your App’s wkWebView login page?

We have enabled domain entitlement, and can only use keychain/auto-fill/3rdParty to fill credentials. For some reason, we cannot get the save password dialogue to show, so basically, a user would need to sign-in once with Safari (saving credentials) to then be able to auto-fill the App wkWebView login.

banjerluke · December 9, 2021, 7:52pm

I don’t know; I switched to one-time emailed login codes (although I’m not sure that was the right call from a UX standpoint). But I could see that being an issue. Do you do a route change after login? I know that’s usually needed for browser password managers to detect that a password was used. Maybe a <form> submit as well, I don’t know.