I would like to get rid of the iOS prompt/popup saying “<APP-NAME> wants to use <HOST-NAME> for Sign In” when using promptAsync of AuthRequest.
After lots of reading of multiple SO questions, Apple documentation, Auth0 articles, etc., I came across this:
The iOS ASWebAuthentication method can be called with prefersEphemeralWebBrowserSession set to True. This opens a Safari instance that does not use shared cookies and users will not see the “wants to sign in with…” native prompt.
Is there any option I can pass to Expo AuthRequest/AuthSession to set this flag to true when it calls WebBrowser.openAuthSessionAsync?
Or, if you have an “expo” workaround, please point me in the right direction.
I’d in general be interested if there are plans to migrate the AuthSession / WebBrowser modules to use the new ASWebAuthenticationSession instead of SFSafariViewController. One of the big benefits of the former appears to be that it will use the default browser for the OS instead of only Safari.
I wouldn’t be surprised if this isn’t super-high on the priority list, because it’d be yet another code path for those modules, since SFSafariViewController would still be required for iOS 11 and 12. It wouldn’t be possible to pass a value for prefersEphemeralWebBrowserSession until that underlying code uses ASWebAuthenticationSession.
However, based on that quote from the documentation, it sounds like setting prefersEphemeralWebBrowserSession = true has a serious double-edged sword to it. Not sharing cookies with Safari means that, if you’re trying to set up single-sign-on, it’s not really single-sign-on anymore. Part of the convenience of SSO is that you could already be signed into the auth provider on your web browser and that would carry over automatically to your app.
About the double-edged sword, we understand this truly well, but it is a tradeoff we are willing to make in order to get rid of the Sign In popup, because the user would only need to sign in once; after that the app would use refresh tokens to keep the user signed in. We have discovered with beta testing users that this popup was really disturbing the login/signup flow.
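The native call that the quoted documentation describes, as an added Swift example that is not part of the original thread and is not Expo's own code. The class name, authorize URL, client ID and callback scheme are placeholders assumed for illustration.

```swift
import AuthenticationServices
import UIKit

// Hypothetical coordinator; endpoint, client ID and callback scheme are placeholders.
@available(iOS 13.0, *)
final class EphemeralSignIn: NSObject, ASWebAuthenticationPresentationContextProviding {
    private let window: UIWindow
    private var session: ASWebAuthenticationSession?  // strong reference while the sheet is shown

    init(window: UIWindow) { self.window = window }

    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
        window
    }

    func start(completion: @escaping (Result<String, Error>) -> Void) {
        let state = UUID().uuidString  // random value the provider must echo back
        var authorize = URLComponents(string: "https://auth.example.com/authorize")!
        authorize.queryItems = [
            URLQueryItem(name: "response_type", value: "code"),
            URLQueryItem(name: "client_id", value: "CLIENT_ID_PLACEHOLDER"),
            URLQueryItem(name: "redirect_uri", value: "myapp://callback"),
            URLQueryItem(name: "state", value: state),
        ]

        let session = ASWebAuthenticationSession(
            url: authorize.url!,
            callbackURLScheme: "myapp"
        ) { callbackURL, error in
            if let error = error { return completion(.failure(error)) }
            let items = callbackURL.flatMap {
                URLComponents(url: $0, resolvingAgainstBaseURL: false)?.queryItems
            } ?? []
            // Reject callbacks whose state does not match the one sent above.
            guard items.first(where: { $0.name == "state" })?.value == state,
                  let code = items.first(where: { $0.name == "code" })?.value else {
                return completion(.failure(URLError(.badServerResponse)))
            }
            completion(.success(code))
        }
        session.presentationContextProvider = self
        // No cookies shared with Safari, so no "wants to use ... to Sign In" prompt
        // and no SSO carry-over; every browser sign-in starts from a clean session.
        session.prefersEphemeralWebBrowserSession = true
        self.session = session
        if !session.start() { completion(.failure(URLError(.cancelled))) }
    }
}
```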