jwelker110/cordova-plugin-ios-aswebauthenticationsession-api

Is cookie shared?

Closed this issue · 3 comments

Everything works fine in the authentication phase. A Safari window opens, the phone asks if it's okay to share information with , it loads the form on the authorization endpoint and the URL with query string is returned. I can also see that a cookie is set by the authorization endpoint. This cookie is a cookie with an expiration date, so it's not confused for a session cookie. And using Safari developer tools I can see that the cookie is in the browser in the storage tab.

However, this cookie seems not to be shared with the app. When I try to trade the authorization code for an access token on the token endpoint with a POST request, the cookie is not sent along with the request. It should, shouldn't it?

Am I understanding correctly that you are trying to make a request from within the app, using a cookie that is stored in the authentication session?

The app does not share storage with the authentication session. Authentication sessions can share storage between themselves but the storage is separate from the app.

What I did, at the OAuth2 token endpoint, was hoping to retrieve the cookie set at the OAuth2 authentication endpoint. It's not part of the RFC, but an extra check that always worked, but not when using ASWebAuthenticationSession. In the meantime I've found out that - as you say - the cookie set in ASWebAuthenticationSession is not shared with the app and therefore not sent when making a request from the app after authentication. Thanks for your reply. And thanks for the plugin!

Happy to help! I'm glad you were able to determine what was going on. Thanks for reaching out!