redirect_uri called multiple times
Using the web SIWA, the user is presented with the page asking them to confirm continued use of the Apple ID with the application. After the user clicks the Continue button, I get a spinner and can see network traffic calling my redirect_uri, but before my page returns, the Continue button is enabled again, and it appears that the user should click the button again. This then calls my redirect_uri again. When this happens, my system is seeing this as a replay attack as the same nonce and state are used. Is there a way to disable the Continue button once it has been pressed?
Jan ’20