Extensible SSO and sample code

I have a similar question. I have an app that implements the extension but I can't get it to actually add a header to an HTTP request. I'm assuming if I go to the url listed in the MDM profile it will add the header, but I'm not seeing that.

import UIKit
import AuthenticationServices


class AuthenticationViewController: UIViewController {


    var authorizationRequest: ASAuthorizationProviderExtensionAuthorizationRequest?


    override func loadView() {
        super.loadView()
        // Do any additional setup after loading the view.
    }


    override var nibName: String? {
        return "AuthenticationViewController"
    }
}


extension AuthenticationViewController: ASAuthorizationProviderExtensionAuthorizationRequestHandler {
    
    public func beginAuthorization(with request: ASAuthorizationProviderExtensionAuthorizationRequest) {
        self.authorizationRequest = request


        // Call this to indicate immediate authorization succeeded.
        let authorizationHeaders: [String: String] = ["Authorization" : "API mytoken"] // TODO: Fill in appropriate authorization headers.
        request.complete(httpAuthorizationHeaders: authorizationHeaders)
       
        // Or present authorization view and call self.authorizationRequest.complete() later after handling interactive authorization.
        // request.presentAuthorizationViewController(completion: { (success, error) in
        //     if error != nil {
        //         request.complete(error: error!)
        //     }
        // })
    }
}

mdm profile looks like:

  ExtensionIdentifier
  com.example.Example-Authenticator.Example-SSO
  PayloadDescription
  Configures Single Sign-On Extensions
  PayloadDisplayName
  Single Sign-On Extensions
  PayloadIdentifier
  com.apple.extensiblesso.F161FF82-39EB-41F8-9964-CF0EA36AEBBA
  PayloadType
  com.apple.extensiblesso
  PayloadUUID
  F161FF82-39EB-41F8-9964-CF0EA36AEBBA
  PayloadVersion
  1
  Type
  Redirect
  URLs
  
  https://company.example.com
  
 

I was expecting if I just go to https://company.example.com in safari I would see the header. It's a debug build of the app.

Is there still no sample code for implemeting this?

Does your server have .well-known/associated.... json file?

Has anyone had any luck getting their extension to fire? I believe I've got everything setup but it just doesn't trigger and I have no idea why.

Is there any samples available from wwdc demo? for Enterprise extn SSO

There is a techtalk video on this topic, that seems to go more into details

https://developer.apple.com/videos/play/tech-talks/301/

Seems like you're confusing 2 types of the SSO extensions.

If you want to provide headers, your extension should be of a Credential type, not Redirect.

Redirect extension is for handling requests.

Credential requests is for handling challenges.

Can I use this code for Redirect Extension?

var authController : ASAuthorizationController?
let authProvider = ASAuthorizationSingleSignOnProvider(identityProvider: URL(string: "https://example.com")!)

    @IBAction func logIn(_ sender: Any) {
        if self.authProvider.canPerformAuthorization {
            let request = self.authProvider.createRequest()
            request.requestedOperation = ASAuthorization.OpenIDOperation.operationLogin
            self.authController = ASAuthorizationController(authorizationRequests: [request])
            self.authController?.delegate = self
            self.authController?.presentationContextProvider = self
            self.authController?.performRequests()
        }
    }

Any update on it as we are also looking for some sample codes on it.