Does ASWebAuthenticationSession obey App Transport Security settings?

Hi,


is ASWebAuthenticationSession checking the App Transport Security settings when it calls the given URL? For example, if I configure Certificate Transparency for the domain of the URL, will the domain's certificate be correctly verified?


Background is that we want certificate pinning for our authentication flow and, as far as I understand it, that is not possible with ASWebAuthenticationSession. Certificate Transparency can be configured in ATS and if ASWebAuthenticationSession obeys ATS, that would be a valid replacement for pinning the cert.


Thanks!


Best

Alex

Accepted Reply

Certificate Transparency (CT) can be configured in ATS and if ASWebAuthenticationSession obeys ATS, that would be a valid replacement for pinning the cert.

Have you read Apple’s Certificate Transparency policy article, published by Apple Support? This policy is enforced by iOS 12.1.1 (and the related watchOS and tvOS releases) and macOS 10.14.2, so if you’re running on a modern system your question is irrelevant because you get CT on all connections.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
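
An added example, not part of the original thread and not Apple's code: a Python check that reads an app's Info.plist and reports, per host, whether the covering ATS exception declares `NSRequiresCertificateTransparency`, plus any domains where ATS is weakened. The sample plist and its domains are constructed and the most-specific-match rule is an assumption; the script only inspects what the app declares and does not show whether ASWebAuthenticationSession applies those settings.

```python
import plistlib

# Constructed sample Info.plist; the domains are placeholders.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSExceptionDomains</key><dict>
      <key>auth.example.com</key><dict>
        <key>NSRequiresCertificateTransparency</key><true/>
      </dict>
      <key>example.org</key><dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict></dict>
</dict></plist>"""

def load_sample():
    return plistlib.loads(SAMPLE_PLIST)

def exception_for(host, ats):
    """Return (domain, settings) of the ATS exception covering host, or None.
    Assumption: when several entries match, the most specific one is used."""
    host = host.lower().rstrip(".")
    best = None
    for domain, settings in ats.get("NSExceptionDomains", {}).items():
        d = domain.lower()
        sub = settings.get("NSIncludesSubdomains", False) and host.endswith("." + d)
        if (host == d or sub) and (best is None or len(d) > len(best[0])):
            best = (d, settings)
    return best

def ct_declared(host, info):
    """True if the app's ATS config requests CT for connections to host."""
    match = exception_for(host, info.get("NSAppTransportSecurity", {}))
    return bool(match and match[1].get("NSRequiresCertificateTransparency", False))

def weakened_domains(info):
    """Domains ("*" = all) where the declared ATS config permits insecure loads."""
    ats = info.get("NSAppTransportSecurity", {})
    weak = ["*"] if ats.get("NSAllowsArbitraryLoads", False) else []
    for domain, s in ats.get("NSExceptionDomains", {}).items():
        if s.get("NSExceptionAllowsInsecureHTTPLoads", False):
            weak.append(domain)
    return sorted(weak)

if __name__ == "__main__":
    info = load_sample()
    print({h: ct_declared(h, info) for h in ("auth.example.com", "login.example.org")})
    print("weakened:", weakened_domains(info))
```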
