9 Replies
      Latest reply on Jul 18, 2019 1:30 PM by aniket.kulkarni
      vmnKCatigbe Level 1 Level 1 (0 points)

        I'm working on implementing Universal Links and Handoff for my domains, and running into some trouble.

         

        I've followed all of the Apple Guides, however I am hitting a roadblock when it comes to apple-app-site-association hosting.

         

        I have valid SSL certs for my domain, a valid apple-app-site-association file - however I am consistently seeing these errors in my logs:

        default 09:15:45.000000 -0500   swcd     2016-11-15 10:15:45.677187 AM [SWC] ### Bad apple-app-site-association server trust: -6754/0xFFFFE59E kAuthenticationErr, 4 (kSecTrustResultUnspecified), {
                "TrustResultValue" : 4
                "TrustEvaluationDate" : 2016-11-15 15:15:45.410148
                "TrustResultDetails" :
                [
                    {},
                    {}
                ]
            }
        
        default 09:15:45.000000 -0500   swcd     2016-11-15 10:15:45.697530 AM [SWC] ### Rejecting URL 'https://<redacted>/.well-known/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr
        default 09:15:46.000000 -0500   swcd     2016-11-15 10:15:46.189794 AM [SWC] ### Denying redirect 'https://<redacted>/.well-known/apple-app-site-association' -> 'http://<redacted>/.well-known/apple-app-site-association'
        default 10:15:46.000000 -0500   swcd     2016-11-15 10:15:46.251853 AM [SWC] ### Bad apple-app-site-association server trust: -6754/0xFFFFE59E kAuthenticationErr, 4 (kSecTrustResultUnspecified), {
                "TrustResultValue" : 4
                "TrustEvaluationDate" : 2016-11-15 15:15:46.241376
                "TrustResultDetails" :
                [
                    {},
                    {}
                ]
            }
        default 10:15:46.000000 -0500   swcd     2016-11-15 10:15:46.253257 AM [SWC] ### Rejecting URL 'https://<redacted>/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr
        Nov 11 09:04:35 iPad-Mini swcd[739] <Notice>: 2016-11-11 09:04:34.376592 AM [SWC] ### Download URL 'https://<redacted>/apple-app-site-association' failed: -6756/0xFFFFE59C kTypeErr
        

         

         

        If I use an unrelated test domain, then I get proper functionality with the same file.

        On my actual domain, the .well-known/apple-app-site-association does not redirect, it's by default a "301 Permanently Moved" response.  I am not sure if this causes any issues with the flow, but I see the app install make the call to .well-known, then the call to the root apple-app-site-association which succeeds.


        I've run the domains through all sorts of SSL validation tools, and they all show that it's properly setup -

        However, the apple universal search validator fails (https://search.developer.apple.com/appsearch-validation-tool), but does not give any good steps to resolve.

         

        If anyone could offer any help, it'd be very much appreciated here.

        • Re: Troubleshooting Universal Links
          eskimo Apple Staff Apple Staff (11,825 points)

          On my actual domain, the .well-known/apple-app-site-association does not redirect, it's by default a "301 Permanently Moved" response.

          I’m confused by this.  A 301 is a redirect, so how can your server both “not redirect” and be giving a “301”?

          default 09:15:46.000000 -0500 swcd 2016-11-15 10:15:46.189794 AM
          [SWC] ### Denying redirect 'https:…' -> 'http:…'

          Some factoids about the above:

          • SWC is shared web credential.

          • swcd is the shared web credential daemon.

          • That daemon uses NSURLSession to fetch the apple-app-site-association file.

          • That message is generated when NSURLSession delivers the -URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler: delegate callback to swcd.

          • When swcd gets this delegate callback and issues this log message, it always calls the completion handler with nil, causing the body of the redirection response to be delivered as the payload of this request.  That doesn’t sound good, eh?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Troubleshooting Universal Links
              vmnKCatigbe Level 1 Level 1 (0 points)

              So to followup, and apologies for the late response - I've removed all redirects, made sure they are static files with the correct content-types,  and still no luck.

               

              the errors regarding denying the redirect are resolved, but this issue still remains:

               

              default 22:51:58.815436 -0500   swcd    ### Download URL 'https://<redacted>/.well-known/apple-app-site-association' failed: -6756/0xFFFFE59C kTypeErr
              default 22:51:58.815971 -0500   swcd    Started request for domain '<redacted>', URL 'https://<redacted>/apple-app-site-association'
              default 22:51:58.871038 -0500   swcd    ### Download URL 'https://<redacted>/apple-app-site-association' failed: -6756/0xFFFFE59C kTypeErr
              default 22:51:58.871516 -0500   swcd    Completing request for 'https://<redacted>/apple-app-site-association', status -6756/0xFFFFE59C kTypeErr
              

               

               

              I see this when the app installs, when I launch safari on the device to the <redacted> site

                • Re: Troubleshooting Universal Links
                  eskimo Apple Staff Apple Staff (11,825 points)

                  In this context kTypeErr means that the apple-app-site-association JSON (either inside the CMS or standalone) is valid JSON but has an invalid internal structure.  There are lots of checks done on that structure, more than I can reasonably outline here.  If you post the JSON you’re using, I can take a quick look at it (feel free to redact the identifying details).

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: Troubleshooting Universal Links
                      eywebdeveloperteam Level 1 Level 1 (0 points)

                      - There are a way to use "Multi-domain" certificates (SAN Certificates) for universal links? The certificate is expedited for .com as base and the other domains are .fr, .es, .de...

                      - For the .com all is ok, an universal links are working, but for the other domains, the log console show me a fail:

                      <Notice>: ### Bad apple-app-site-association server trust: -6754/0xFFFFE59E kAuthenticationErr, 5 (kSecTrustResultRecoverableTrustFailure), {

                                              "TrustResultDetails" :

                                                  [

                                                      {

                                                          "SSLHostname" : false,

                                                      },

                                                      {},

                                                      {}

                                                  ],

                                                  "TrustResultValue" : 5,

                                                  "TrustEvaluationDate" : 2016-11-22 05:52:49.792425,

                                                  "TrustCertificateTransparency" : true,

                      }

                      • Re: Troubleshooting Universal Links
                        vmnKCatigbe Level 1 Level 1 (0 points)

                        here's the json:

                         

                         

                        Raw:

                         

                        {"activitycontinuation":{"apps":["TEAM_ID.com.app.bundleid","ALT_TEAM_ID.com.app.bundleid-develop"]},"applinks":{"apps":[],"details":[{"appID":"TEAM_ID.com.app.bundleid","paths":[["\/shows\/","\/full-episodes\/","\/video-clips\/"]]},{"appID":"ALT_TEAM_ID.com.app.bundleid-develop","paths":[["\/shows\/","\/full-episodes\/","\/video-clips\/"]]}]}}
                        

                         

                         

                        Formatted:

                         

                        {
                            "activitycontinuation": {
                                "apps": ["TEAM_ID.com.app.bundleid", "ALT_TEAM_ID.com.app.bundleid-develop"]
                            },
                            "applinks": {
                                "apps": [],
                                "details": [{
                                    "appID": "TEAM_ID.com.app.bundleid",
                                    "paths": [
                                        ["\/shows\/", "\/full-episodes\/", "\/video-clips\/"]
                                    ]
                                }, {
                                    "appID": "ALT_TEAM_ID.com.app.bundleid-develop",
                                    "paths": [
                                        ["\/shows\/", "\/full-episodes\/", "\/video-clips\/"]
                                    ]
                                }]
                            }
                        }
                        
                  • Re: Troubleshooting Universal Links
                    SupaBasti Level 1 Level 1 (10 points)

                    I also get those "Bad apple-app-site-association server trust: -6754" errors although all SSL-stuff is setup correctly. I can download the file with NSURLSession without any problems:

                     

                    Optional(<NSHTTPURLResponse: 0x60c00022a200> 
                    { URL: http://server/.well-known/apple-app-site-association }
                    { Status Code: 200, Headers {
                        "Accept-Ranges" =     (
                            bytes
                        );
                        "Cache-Control" =     (
                            "private,max-age=10"
                        );
                        Connection =     (
                            "keep-alive"
                        );
                        "Content-Length" =     (
                            301
                        );
                        "Content-Type" =     (
                            "application/json"
                        );
                        Date =     (
                            "Wed, 11 Apr 2018 13:08:15 GMT"
                        );
                        Etag =     (
                            "\"4ad5554785a1d31:0\""
                        );
                        "Last-Modified" =     (
                            "Fri, 09 Feb 2018 09:06:32 GMT"
                        );
                        "Proxy-Connection" =     (
                            "keep-alive"
                        );
                        Server =     (
                            "Microsoft-IIS/7.5"
                        );
                        Via =     (
                            "1.1 proxy:3128 (Cisco-WSA/8.5.3-069)"
                        );
                        "X-Powered-By" =     (
                            "ASP.NET"
                        );
                    } })
                    

                     

                    Could you solve your error?

                      • Re: Troubleshooting Universal Links
                        eskimo Apple Staff Apple Staff (11,825 points)

                        What are you seeing in the system log?  In vmnKCatigbe’s first post they show a bunch of logging that’s around this error.  Are you seeing similar logging?  If so, please post a copy.

                        Share and Enjoy

                        Quinn “The Eskimo!”
                        Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                        let myEmail = "eskimo" + "1" + "@apple.com"

                          • Re: Troubleshooting Universal Links
                            aniket.kulkarni Level 1 Level 1 (0 points)

                            Hello ,

                             

                            We are facing issues with app linking where it works on some devices and does not on the others. Our app version is in Testflight .

                             

                            When we check the console of the device where it does not work we see following error.

                             

                            default 13:54:36.992693 +0200 swcd Started request for domain , URL 'https://www.xxx.be/.well-known/apple-app-site-association'

                            default 13:54:37.016006 +0200 dasd Submitted Activity: com.apple.CFNetwork-cc-98-54-Task <73F68C34-7F2A-4E19-85B0-5C2526FE11BB>.<com.apple.swcd>.<com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1>.<1>:62BB26 at priority 90 <private>

                            default 13:54:37.020478 +0200 dasd com.apple.CFNetwork-cc-98-54-Task <73F68C34-7F2A-4E19-85B0-5C2526FE11BB>.<com.apple.swcd>.<com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1>.<1>:62BB26:[

                            {name: ApplicationPolicy, policyWeight: 5.000, response: {Decision: Can Proceed, Score: 0.10}}

                            {name: DeviceActivityPolicy, policyWeight: 10.000, response: {Decision: Can Proceed, Score: 0.60}}

                            ] sumScores:27.200000, denominator:35.700000, FinalDecision: Can Proceed FinalScore: 0.761905}

                            default 13:54:37.020575 +0200 dasd 'com.apple.CFNetwork-cc-98-54-Task <73F68C34-7F2A-4E19-85B0-5C2526FE11BB>.<com.apple.swcd>.<com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1>.<1>:62BB26' DecisionToRun:1 (Bypasses Predictions)

                            default 13:54:37.059375 +0200 nsurlsessiond [C58 Hostname#ec124cd0:443 tcp, bundle id: com.apple.swcd, url hash: d0fc027c, tls, indefinite] start

                            default 13:54:37.266159 +0200 swcd ### Bad apple-app-site-association server trust: -6754/0xFFFFE59E kAuthenticationErr, 1 (kSecTrustResultProceed), {

                                "TrustExpirationDate" : 2019-07-25 06:35:42.000,

                                "TrustRevocationChecked" : true,

                                "TrustExtendedValidation" : true,

                                "Organization" : "XXX ",

                                "TrustResultValue" : 1,

                                "TrustCertificateTransparency" : true,

                                "TrustEvaluationDate" : 2019-07-18 11:54:37.252,

                                "TrustResultDetails" :

                                [

                                    {},

                                    {},

                                    {}

                                ],

                            }

                            default 13:54:37.266216 +0200 swcd ### Rejecting URL 'https://www.XXX.be/.well-known/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr

                            default 13:54:37.267680 +0200 swcd Task <1674E61D-77F1-4D10-9820-CFF592216A27>.<2> resuming, QOS(0x15)

                            default 13:54:37.267737 +0200 swcd Create activity <nw_activity 12:3>

                            default 13:54:37.267901 +0200 swcd Activated <nw_activity 12:3 [33900FB4-9DBD-4648-966C-A6EEC044C195] (reporting strategy default)>

                            default 13:54:37.268273 +0200 swcd [Telemetry]: Activity <nw_activity 12:3 [33900FB4-9DBD-4648-966C-A6EEC044C195] (reporting strategy default)> on Task <1674E61D-77F1-4D10-9820-CFF592216A27>.<2> was not selected for reporting

                            default 13:54:37.270222 +0200 swcd Started request for domain 'www.XXX.be', URL 'https://www.xxx.be/apple-app-site-association'

                            default 13:54:37.273741 +0200 dasd Submitted Activity: com.apple.CFNetwork-cc-98-55-Task <1674E61D-77F1-4D10-9820-CFF592216A27>.<com.apple.swcd>.<com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1>.<2>:3F4E84 at priority 90 <private>

                            default 13:54:37.275261 +0200 dasd com.apple.CFNetwork-cc-98-55-Task <1674E61D-77F1-4D10-9820-CFF592216A27>.<com.apple.swcd>.<com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1>.<2>:3F4E84:[

                            {name: ApplicationPolicy, policyWeight: 5.000, response: {Decision: Can Proceed, Score: 0.10}}

                            {name: DeviceActivityPolicy, policyWeight: 10.000, response: {Decision: Can Proceed, Score: 0.60}}

                            ] sumScores:27.200000, denominator:35.700000, FinalDecision: Can Proceed FinalScore: 0.761905}

                            default 13:54:37.275403 +0200 dasd 'com.apple.CFNetwork-cc-98-55-Task <1674E61D-77F1-4D10-9820-CFF592216A27>.<com.apple.swcd>.<com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1>.<2>:3F4E84' DecisionToRun:1 (Bypasses Predictions)

                            default 13:54:37.278397 +0200 nsurlsessiond [C59 Hostname#ec124cd0:443 tcp, bundle id: com.apple.swcd, url hash: c76faa2c, tls, indefinite] start

                            default 13:54:37.444839 +0200 swcd <nw_activity 12:3 [81BB1A2C-179B-49E7-96F0-7360EB6EF4E1] (reporting strategy default) complete (reason failure)> complete with reason 3 (failure), duration 480ms

                            error 13:54:37.444895 +0200 swcd Task <73F68C34-7F2A-4E19-85B0-5C2526FE11BB>.<1> load failed with error Error Domain=NSURLErrorDomain Code=-999 UserInfo={NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>} [-999]

                            default 13:54:37.635952 +0200 swcd ### Request for 'https://www.XXX.be/apple-app-site-association' denied: 404/0x194 Not Found

                            default 13:54:37.636026 +0200 swcd Completing request for 'https://www.XXX.be/apple-app-site-association', status 0/0x0 noErr

                            default 13:54:37.637070 +0200 swcd Updated app ID '8C3949R27A.be.XXX.MyXXX2', domain 'www.xxx.be', flags 0x0 < > -> 0x4 < SiteDenied > on check

                            default 13:54:37.641292 +0200 swcd <nw_activity 12:3 [33900FB4-9DBD-4648-966C-A6EEC044C195] (reporting strategy default) complete (reason failure)> complete with reason 3 (failure), duration 274ms

                            error 13:54:37.642884 +0200 swcd Task <1674E61D-77F1-4D10-9820-CFF592216A27>.<2> load failed with error Error Domain=NSURLErrorDomain Code=-999 UserInfo={NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>} [-999]

                            default 13:54:37.645895 +0200 swcd Closing NSURLSession com.apple.SharedWebCredentials-55DDB6A7-DB8D-47A9-BECC-AE2B110595A1

                            default 13:54:37.645949 +0200 swcd Save database

                             

                            If someone has faced simlilar issue or provide any help it will be appreciated.

                            Regards,

                            Aniket