Enable Keychain Sharing for App Extensions #2508
Comments
|
+1 |
royjit
added
auth
|
This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you! |
|
We are looking into this internally and will get back to you when we have more information. |
|
Is there any update on this one? We'd like to have a secure way to share the Auth tokens between our app and share extension as well. |
|
I added support for this in the PR above ^^^ |
|
@ekurutepe Thanks for your contribution. Sorry for the delay. |
|
PR require a detailed review and design, Amplify team will update here when we move forward with this. |
|
I wanted to make a note about this feature request since this is something that I've been struggling a lot with figuring out over the course of the last few days. I understand that this feature is in development (which is great!), but I'm hoping that when this feature is implemented it'll also include support for anybody who's signed in via Apple, Google, etc. Managing the auth session between a main app and app extension when someone is signed in with a username and password is pretty easy already (even though it's undocumented in the Amplify docs) and seems secure enough to me. Save the username and password as a keychain item, look for it in the extension, sign in via the extension with the password and username stored in the keychain, and that's it. However, this workflow is impossible when the user is signed in via an external provider because the password and username are not accessible. When the user signs in via an external provider, it does create keychain items, but as far as I can tell none of these keychain items include the user's password and username, which makes them useless for the purpose of signing in via an app extension. This might've gone without saying, but I didn't see anybody mention it above so I thought it was worth throwing it out there. Thanks! |
@julianworden Thanks for your detailed analysis. We will definitely take this information into account. Appreciate the effort. |
|
We'd also really like to see this enabled! |
|
Do you plan to implement it? |
|
Hello, any news on this? It's been over a year and no updates. It's a quite important feature to support, we cannot use app extensions properly because of this. |
|
@dandreiolteanu We are actively working on this feature and will link any PR's opened to this issue so that you can see the progress our team is making. |
|
Hi @bdhazman. We've been working on this feature, feel free to try out using keychain sharing through this branch. Usage is explained in the PR. We would appreciate any feedback or comments on how to improve this feature before we release, and let us know if something is unclear or not working! |
Is your feature request related to a problem? Please describe.
Amplify manages user authentication and credentials but while Amplify functionality (including authentication) can be used in App Extensions such as Share Extensions, authentication sessions are not shared between apps and their app extensions. This is a problem for developers who want to use the Amplify library for managing iOS authentication to their services but also build software that extends the functionality of their application with app extensions. (examples of feature request: 1, 2)
Describe the solution you'd like
An ideal solution is allowing for cross-app authentication by taking advantage of Apple's 'shared keychain' through keychain access groups in a manner similar to how Firebase does. Allowing developers to choose the keychain group their application uses would allow them to support cross-app authentication including App Extensions.
Amplify already relies on iOS's keychain so implementing this change would be a matter of making changes to how Amplify accesses and writes credentials to the system's keychain.
Making this change would give developers the opportunity to build suites of apps that require only one log in and extend functionality of their apps through deeper iOS integration with extensions such as Share Extensions and widgets.
Describe alternatives you've considered
Alternatives to this feature can result in poor user experiences or less secure workarounds.
I am open to hearing any other suggested alternatives for accessing existing authentication sessions in extensions of apps.
Is the feature request related to any of the existing Amplify categories?
Auth
Additional context
I am happy to provide contributions similar to what has been done here in order to build this feature into Amplify's Swift/iOS library.
The text was updated successfully, but these errors were encountered: