Issues with Apple Authentication in CloudKit JS

Hello, everyone!

I'm using CloudKit JS with a React SPA to allow users from a mobile app to access their data in a web browser. Currently, the project is still under development so there are no public users beside my team.

The way I've integrated CK JS in my app is via their CDN, importing the required url in my index.html file.

However, I'm having issues with the Authentication using Apple Sign In. While the Sign In and Sign Out buttons work correctly for me and my teammates, the session is not persisted for everyone. Actually, I'm the only one from me team that does not have to log in every day.

I have the following configuration function:

export const configureCloudKit = () => {
  window.CloudKit.configure({
    locale: 'en-us',
    containers: [
      {
        containerIdentifier: CONTAINER_ID,
        apiTokenAuth: {
          apiToken: API_TOKEN,
          persist: true,
          signInButton: {
            id: 'apple-sign-in-button',
            theme: 'black',
          },
          signOutButton: {
            id: 'apple-sign-out-button',
            theme: 'black',
          },
        },
        environment: 'development',
      },
    ],
  });
};

As you can see, I'm using the persist:true option so there shouldn't be any issues with having a persistent session.

From my research, I found that CloudKit JS sets a cookie called iCloud.com.myContainerName and if I delete that cookie, when I reload the browser, the session is indeed lost. This happens for all my teammates, same cookie and same behavior.

Nevertheless, I also found three cookies that are not present for any of my teammates but me (using Google Chrome). Those are called:

  • X-APPLE-WEBAUTH-AC-PARTITION
  • X-APPLE-WEBAUTH-AC-SERVERINFO
  • X-APPLE-WEBAUTH-AC-TOKEN

But even if I delete those cookies, the session is not lost for me.

Does anyone know whether I'm doing something wrong with the configuration?

Or if there are something I'm not taking into account regarding the cookies handling in my project?

The cookie thing is private, which I am not sure folks can comment a lot. As a specification though, a web authentication token expires 30 minutes after it is created. If the user selects “Keep me signed in” during the sign-in window, the duration of the token is 2 weeks. I am wondering it is that you selected the “Keep me signed in” option and your colleagues didn't.

Meanwhile, I am wondering if the CloudKit on the web sample <https://cdn.apple-cloudkit.com/cloudkit-catalog/> presents the same behavior. The configuration is pretty much the same as yours.

Best,
——
Ziqiao Chen
 Worldwide Developer Relations.

Issues with Apple Authentication in CloudKit JS
 
 
Q