
Commit 44201c0

danchily2 and claude committed
fix(ios): detect webcredentials-association failure despite cancel error code
The missing-association failure is reported with the SAME error code as a user cancellation (ASWebAuthenticationSessionErrorCodeCanceledLogin), so the previous fallback check never engaged and every sign-in hard-failed ('Application ... is not associated with domain ... Using HTTPS callbacks requires Associated Domains using the webcredentials service type'). The association failure carries an NSLocalizedFailureReason while genuine user cancellations do not - use that to trigger the legacy-session fallback.

Verified on an iOS 26 simulator: with the association missing, the fallback engages and sign-in completes; with a newer login attempt started, stale resolutions are still discarded.

Co-Authored-By: Claude <noreply@anthropic.com>
1 parent 1d997c5 commit 44201c0

1 file changed

Lines changed: 12 additions & 9 deletions


packages/react-native-app-auth/ios/RNAppAuth.m

@@ -12,8 +12,8 @@
1212
/**
1313
* External user agent that uses the iOS 17.4+ ASWebAuthenticationSession https callback
1414
* (ASWebAuthenticationSessionCallback callbackWithHTTPSHost:path:). With an https
15-
* (universal link) redirect URI, AppAuth-iOS passes "https" as the callbackURLScheme
16-
* which ASWebAuthenticationSession does not support so the session never intercepts
15+
* (universal link) redirect URI, AppAuth-iOS passes "https" as the callbackURLScheme -
16+
* which ASWebAuthenticationSession does not support - so the session never intercepts
1717
* the redirect and the flow has to rely on the universal link opening the app, which is
1818
* not triggered by server redirects/JS navigation inside the session and is sporadically
1919
* dropped, leaving authorize() pending forever (#987, #932; openid/AppAuth-iOS#367).
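Review bot: The two changed lines at 15-16 only alter punctuation inside the doc comment and have no bearing on the error-handling fix. Keep them out of this commit so that the behavioural change at line 926 onward is the only thing a reader of the history has to audit.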
@@ -22,7 +22,7 @@
2222
* Requires the callback host to be an associated domain with the webcredentials service
2323
* type (entitlement + apple-app-site-association). When the association is missing the
2424
* agent transparently falls back to the legacy callbackURLScheme session, preserving
25-
* AppAuth's default behavior.
25+
* AppAuth default behavior.
2626
*/
2727
API_AVAILABLE(ios(17.4))
2828
@interface RNAppAuthHTTPSExternalUserAgent : NSObject <OIDExternalUserAgent, ASWebAuthenticationPresentationContextProviding>
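Review bot: Line 25 changes "AppAuth's default behavior." to "AppAuth default behavior.", which drops the possessive and reads as a typo; restore the original wording. Since this comment is where the fallback is documented, it is also the place to state how a missing association is now detected (a non-empty NSLocalizedFailureReason on the session error), because "transparently falls back" gives an integrator no hint of what triggers it.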
@@ -845,8 +845,8 @@ - (void)rejectPromise:(RCTPromiseRejectBlock)reject
845845
@end
846846

847847
/**
848-
* Implementation modeled on AppAuth's OIDExternalUserAgentIOS, but built with
849-
* [ASWebAuthenticationSessionCallback callbackWithHTTPSHost:path:] so the session
848+
* Implementation modeled on AppAuth's OIDExternalUserAgentIOS, but built
849+
* with [ASWebAuthenticationSessionCallback callbackWithHTTPSHost:path:] so the session
850850
* intercepts the https redirect itself (iOS 17.4+).
851851
*/
852852
@implementation RNAppAuthHTTPSExternalUserAgent {
@@ -923,10 +923,13 @@ - (ASWebAuthenticationSession *)authenticationSessionWithHTTPSCallback:(BOOL)use
923923
[strongSelf->_session resumeExternalUserAgentFlowWithURL:callbackURL];
924924
return;
925925
}
926-
BOOL isUserCancel = [error.domain isEqualToString:ASWebAuthenticationSessionErrorDomain] &&
927-
error.code == ASWebAuthenticationSessionErrorCodeCanceledLogin;
928-
if (useHTTPSCallback && !isUserCancel && [strongSelf startLegacyFallbackSession]) {
929-
// Missing/unvalidated webcredentials association — legacy session took over
926+
// A missing webcredentials association is reported with the SAME error code as a
927+
// user cancellation (ASWebAuthenticationSessionErrorCodeCanceledLogin) — but it
928+
// carries an NSLocalizedFailureReason ("...requires Associated Domains using the
929+
// `webcredentials` service type..."), which genuine user cancellations do not.
930+
NSString *failureReason = error.userInfo[NSLocalizedFailureReasonErrorKey];
931+
if (useHTTPSCallback && failureReason.length > 0 && [strongSelf startLegacyFallbackSession]) {
932+
// Association missing/unvalidated — legacy session took over
930933
return;
931934
}
932935
NSError *safariError =
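Review bot: The new condition at line 931 no longer checks error.domain at all, so any error carrying a non-empty NSLocalizedFailureReasonErrorKey value starts the legacy session, whatever its origin. Keep the domain test from the removed lines and add the failure-reason test to it, for example `[error.domain isEqualToString:ASWebAuthenticationSessionErrorDomain] && failureReason.length > 0`. Two further points. The removed code fell back on every non-cancel error, whereas the new code falls back only when a failure reason is present, so non-cancel errors without one now go straight to the error path; if that narrowing is intended, say so in the comment. And distinguishing the two cases by the presence of a failure reason is observed behaviour (the commit message cites an iOS 26 simulator), not something the visible code can guarantee, so log when the fallback engages: otherwise a misconfigured webcredentials association silently moves every sign-in onto the legacy callbackURLScheme path that the header comment describes as unreliable for https redirects.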
