iOS popup using AuthRequest

Please provide the following:

  1. SDK Version: 38
  2. Platforms(Android/iOS/web/all): iOS

I would like to get rid of the iOS prompt/popup saying <APP-NAME> wants to use <HOST-NAME> for Sign In when using promptAsync of AuthRequest

After lots of reading of multiple SO questions, Apple documentation, and Auth0 articles, etc. I came across this

The iOS ASWebAuthentication method can be called with prefersEphemeralWebBrowserSession set to True. This opens a Safari instance that does not use shared cookies and users will not see the “wants to sign in with…” native prompt. 


Is there any option I can pass to expo AuthRequest/AuthSession to set this flag to true when it calls WebBrowser.openAuthSessionAsync ?
Or, if you have an “expo” work around, please point me to the right direction.

Many thanks !

I’d in general be interested if there’s plans to migrate the AuthSession / WebBrowser modules to use the new ASWebAuthenticationSession instead of SFSafariViewController. One of the big benefits of the former appears to be that it will use the default browser for the OS instead of only Safari.

I wouldn’t be surprised if this isn’t super-high on the priority list, because it’d be yet another code path for those modules, since SFSafariViewController would still be required for iOS 11 and 12. It wouldn’t be possible to pass a value for prefersEphemeralWebBrowserSession until that underlying code uses ASWebAuthenticationSession.

However, based on that quote from the documentation, it sounds like setting prefersEphemeralWebBrowserSession = true has a serious double-edged sword to it. Not sharing cookies with Safari means that, if you’re trying to setup single-sign-on, it’s not really single-sign-on anymore. Part of the convenience of SSO is that you could already be signed into the auth provider on your web browser and that would carry over automatically to your app.


Thanks for the reply.
Based on this:
I’d say they are already using SFAuthenticationSession

About the double-edged sword, we understand this trully well, but it is a tradeoff we are willing to make in order to get rid of the Sign In popup, because the user would only need to sign in once, after that the app would use refresh tokens to keep the user signed in. We have discovered with beta testing users that this popup was really disturbing the login/signup flow.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.