How do you handle Apple Sign In with WKWebView for platform less than iOS 13?

Question

I'm working on an app that must support Apple Sign In with iOS 10.0+. For the latest iOS I can use AuthenticationServices native library. That's fine, however, for iOS 10-12 we would like to use WKWebView to handle the authentication embedded in app to get the token and email (when possible) after the auth is complete.

I'm following their official guide from apple: https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

The problem now is that when I configure the redirect_uri, how do I get token back from the WKWebView after auth completes successfully? I have "tried" to intercept the response and get the token via the WKWebKit's WKNavigationDelegate navigationResponse response body but to no avail. I'm missing a key information.

public func webView(_ webView: WKWebView,
                    decidePolicyFor navigationAction: WKNavigationAction,
                    decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        decisionHandler(.allow)
}

private func signInUsingWebAuthenticationSession() {

        let queryItems = [
            URLQueryItem(name: "client_id", value: "com.devapp.app"),
            URLQueryItem(name: "redirect_uri", value: "https://dev.devapp.com/redirect"),
            URLQueryItem(name: "response_type", value: "code id_token"), // Or code
            URLQueryItem(name: "scope", value: "name email"), // Retrieve name and email
            URLQueryItem(name: "response_mode", value: "form_post")
        ]

        var urlComps = URLComponents(string: "https://appleid.apple.com/auth/authorize")!
        urlComps.queryItems = queryItems

        guard let authURL = urlComps.url else {
            return
        }

        /// ... Load this url in WKWebView
}

I hope there are some smart developers out there who has encountered/solved this issue before and are happy to share their knowledge. Cheers!

P.S If there are other solution that would work, feel free to comment

Answer 1

Your app will not be approved if you support iOS versions less than 13. If you are required to implement sign in with Apple ID you have to their JS solution as you have already guessed for older versions. I am too still trying to find out how

Answer 2

I've now completed the Apple SignIn support for iOS9 - iOS12 and would like to post the solution if other devs needed help with this. It turns out the answer is in the documentation already (link below), but some words just needs a little more explanation.

https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

Solution:

1. Firstly, the 'redirect_uri' you send to Apple Auth REST API cannot be a custom scheme as only http/https is supported. To redirect auth data (incl id_token data) to your app, you need to have access to your own server, parse the response (or other logic) and perform the redirect yourself AFTER the API returns to the 'redirect_uri' you specified above. How you send the auth data to your app securely is up to you. Options are custom scheme, or redirected URL (with auth data "attached") from your server and parse the id_token out of it. I've used WKWebView and WKNavigationDelegate's decidePolicyFor delegate to capture the url info.

2. Once the auth data is captured in your app, you can dismiss the WKWebView. The Auth Data contains JWT. If you need the user data and email (if you requested it in the scope) etc you need to decode the JWT and look at the 'sub' and 'email'. I used JWTDecode library for decoding https://github.com/auth0/JWTDecode.swift

3. For iOS13+ just use the built in AuthenticationServices's ASAuthorizationController.

Cheers!