I’m working on an iOS app using WKWebView, and I’ve implemented the following authentication flow:
Sign-In Process: The sign-in process is handled natively.
Access Token Storage: Once the user is signed in, the access token is stored within the app.
WebView Cookie Setting: When a webview is opened, the app sets the access token in the webview’s cookies.
Token Validation: The web server validates the access token from the cookie.
Problem:
I’m encountering an issue where the authentication state between the native app and the webview doesn’t always synchronize correctly. Specifically:
Sign-In Issue: If a user signs in while the webview is already open, the native app attempts to set the cookie in the webview. However, there are cases where the cookie isn’t set properly, and the server fails to retrieve the access token, similar to when a user is signed out.
Sign-Out Issue: When a user signs out, the native app deletes the cookie. Although the app reports success in deleting the cookie, the webview sometimes still retains the cookie, which can cause inconsistencies.
These issues don’t happen consistently, and the behavior seems to be somewhat random.
My Questions:
Is there a problem with how I’m sharing authentication between the native app and the webview?
Do you have any suggestions or best practices for ensuring that the cookie management between the native app and WKWebView is reliable?
Thank you in advance for your help!
I believe that the native app should manage the cookies for the WKWebView. However, I’m encountering issues where the cookies are not always synchronized properly between the native app and the webview.
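The cookie flow described in the post, sequenced on WKHTTPCookieStore's completion handlers, as an added example that is not part of the original post. The class name, the cookie name `access_token`, the host `app.example.com` and the one-hour lifetime are assumptions for illustration.

```swift
import WebKit

// Added example. "access_token" and "app.example.com" are assumed placeholders.
@MainActor
final class WebAuthCookieSync {
    private let webView: WKWebView
    private let host = "app.example.com"   // assumed server host
    private let name = "access_token"      // assumed cookie name

    // The cookie store belonging to this web view's own data store.
    private var store: WKHTTPCookieStore {
        webView.configuration.websiteDataStore.httpCookieStore
    }

    init(webView: WKWebView) { self.webView = webView }

    /// Sign-in: write the cookie, and reload only after WebKit reports completion.
    func signIn(token: String) {
        guard let cookie = HTTPCookie(properties: [
            .domain: host, .path: "/", .name: name, .value: token,
            .secure: "TRUE",
            .expires: Date().addingTimeInterval(3600)   // assumed lifetime
        ]) else { return }
        store.setCookie(cookie) { _ = self.webView.reload() }
    }

    /// Sign-out: delete matching cookies one at a time, re-read the store,
    /// and report whether any token cookie is still present.
    func signOut(done: @escaping @MainActor (_ stillPresent: Bool) -> Void) {
        store.getAllCookies { cookies in
            self.delete(cookies.filter { self.isToken($0) }) {
                self.store.getAllCookies { left in
                    done(left.contains { self.isToken($0) })
                }
            }
        }
    }

    private func isToken(_ c: HTTPCookie) -> Bool {
        c.name == name && c.domain.hasSuffix(host)
    }

    private func delete(_ cookies: [HTTPCookie], then next: @escaping @MainActor () -> Void) {
        guard let first = cookies.first else { return next() }
        store.delete(first) { self.delete(Array(cookies.dropFirst()), then: next) }
    }
}
```

A `stillPresent` value of `true` after sign-out means the web view's store still holds a token cookie, which is the condition to log or retry on rather than treating the delete call as proof of sign-out.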