The premises are Open ID Connect, Redirect Extension and a supervised iOS 13 device running with MDM. The extension triggers and the host app successfully retrieves HTTPURLResponse and Data the extension.
The flow is as follows:
Host app calls AssociatedDomainURL.
The SSO extension make an API call to AnotherURL.
Inside the extension's beginAuthorization(with:), call complete(httpResponse:httpBody:) and pass AnotherURL's HTTPURLResponse and Data.
The host app retrieves AnotherURL's HTTPURLResponse and Data through the extension.
In a web browser, the extension triggers when AssociatedDomainURL is entered into the search bar. How does a web app AnotherURL's HTTPURLResponse and Data like the host app?