Hi, we have implemented auth0 on a xamarin forms app following the example on github.
Unfortunately the app got rejected on the iOS appstore for the following reason: “We noticed that the user is taken to Safari to sign in or register for an account, which provides a poor user experience.”
They say a solution would be:
“We recommend implementing the Safari View Controller API to display web content within your app.”
But I really have no idea to do something like that in Xamarin. Maybe someone has some example how to do this?
Thanks!
Hi, as I mentioned Apple told me that browser auth is prohibited. All your iOS samples use LoginAsync which even in docs says it uses the browser:
// Summary:
// Launches a browser to log the user in.
public Task<LoginResult> LoginAsync(object extraParameters = null);
I cannot understand how this can be the official docs/demos as they clearly violate apple’s terms and app will not get approved.
Hopefully we can find a solution as this problem is pending in my workflow for some time now.
Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!
Hi, yes some guidelines would be helpful. At the end I had to remove google login support from my iOS app because your tutorials/examples always insisted in the browser popup method which apple does not accept and I was not able to create my own webview version…
So basically the core reason why wo do sign up / login popup instead of handling everything in the app is security concern. You can read more about various authorisation flows used by mobile apps or web apps here:
Unfortunately when it comes to Xamarin we still do not offer much of a content / quickstarts or articles regarding that. The only ting for now that we have and you can make use of is the repo that is maintained by community devs. You can find it here:
Hi there,
I completely understand that popup auth is used for security reasons. But as I said, its AGAINST APPLES RULES TO USE POPUP AUTH and I am completely certain about this because MY APP WAS REJECTED DUE TO THAT REASON.
Any kind of help would be really appreciated but its really weird that your tutorials for iOS are completely useless and against appstore rules and nobody seems aware of this issue…
This was over a year ago and I cannot find the exact text, but I found a case which looks just about the same:
Blockquote 10.6 : Apple and our customers place a high value on simple, refined, creative, well thought through interfaces. They take more work but are worth it. Apple sets a high bar. If your user interface is complex or less than very good, it may be rejected ----- 10.6 -----
Blockquote
We found the following issue with the user interface of your app:
The app opens a web page in mobile Safari for creating an account or logging in for Google+ account, then returns the user to the app. The user should be able to create an account or log in without opening Safari first.
Sorry for this delay in response by I needed to go through that with various product managers. It’s been the first time we encountered a situation like that. The browser part is compulsory here looking strictly at the security aspect. We know that it collides with the UI transition a bit but it provides the best safety.
Getting back to what you wrote, there are a lot of people implementing our iOS quickstarts or even developing more complex iOS apps and then releasing them to App store (both here in the community as well as our Enterprise customers and we’ve never experienced situation like that)
We would like to dig deeper into that. Is it possible you can ask them for more detailed explanation and guidance on how you should address that?
No popup is allowed, so the solution apple was proposing was the integrate the whole login thing into a webview so no transition happens. The issue is that I could not find the way to implement the webview. I could call the website somehow from the webview but no idea how to handle if the user logs in.
You don’t have to convince me, I completely understand, but apple thinks otherwise
AutoSelectBrowser is the default if you do not override the Browser option. It will create the appropriate UI based on the iOS Version
// For iOS 12+ use ASWebAuthenticationSession
if (UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
return ASWebAuthenticationSessionBrowser.Start(options);
// For iOS 11 use SFAuthenticationSession
if (UIDevice.CurrentDevice.CheckSystemVersion(11, 0))
return SFAuthenticationSessionBrowser.Start(options);
// For iOS 10 and earlier use SFSafariViewController
return SFSafariViewControllerBrowser.Start(options);
Only the SFSafariViewController is a popup of safari. The others are embedded WebViews. They also display an alert to the user. This alert gives the user an indication that they are being redirected.
I’ll make sure to relay that info to our product team to consider. For future reference make sure to report such things using our feature request feedback form here:
And please do give a try to what @rsatter suggested maybe that will work for them!