We have a web app that is shown in a native app A via SfAuthenticationSession. We have another app B that is like an auth provider which is owned by another organization. Most of our functionality is designed in the web-app. The login flow is like this.
- App A launches web-app(in SfAuthenticationSession) and web-app checks for an existing session, if no valid session exists, web-app launches app B via deeplink asking for login
- App B -after login- will launch web-app again(in safari browser) with a token that can be used with our login APIs, once we get session information from APIs we save them in cookies within the web-app.
- after the login completes web-app will use deeplinks to open app A so that web-app can be shown within the app using SfAuthenticationSession
- App A will recognize the deeplink and bring up web-app again in SfAuthenticationSession to show the UI. We are facing an issue here where SfAuthenticationSession cant read the cookies and the whole process repeats once more(but just once). Even though SfAuthenticationSession can’t read cookies we can see that we are already logged into web-app in safari browser
The issue is reproducible if the user is quick through step 3, there will be a prompt in safari browser asking to launch app A. If the user waits here, the newly launched SfAuthenticationSession can read cookies. If a delay is added before launching the deeplink the chances of getting the login loop reduces.
Is there a known issue where SfAuthenticationSession is "occasionally" not able to read cookies set on Safari? And is there a workaround?