Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save Tak783/446b4921cf0894f031eacbd641122928 to your computer and use it in GitHub Desktop.
Save Tak783/446b4921cf0894f031eacbd641122928 to your computer and use it in GitHub Desktop.
import UIKit
import SafariServices
import AuthenticationServices
import AppAuth
import Reachability
class OIDExternalUserAgentASWebAuthenticationSession: NSObject, OIDExternalUserAgent {
private let presentingViewController: UIViewController
private var externalUserAgentFlowInProgress: Bool = false
private var authenticationViewController: ASWebAuthenticationSession?
private weak var session: OIDExternalUserAgentSession?
init(with presentingViewController: UIViewController) {
self.presentingViewController = presentingViewController
func present(_ request: OIDExternalUserAgentRequest, session: OIDExternalUserAgentSession) -> Bool {
if externalUserAgentFlowInProgress {
return false
guard let requestURL = request.externalUserAgentRequestURL() else {
return false
self.externalUserAgentFlowInProgress = true
self.session = session
var openedUserAgent = false
// ASWebAuthenticationSession doesn't work with guided access (Search web for "rdar://40809553")
// Make sure that the device is not in Guided Access mode "(Settings -> General -> Accessibility -> Enable Guided Access)"
if UIAccessibility.isGuidedAccessEnabled == false {
let redirectScheme = request.redirectScheme()
let authenticationViewController = ASWebAuthenticationSession(url: requestURL, callbackURLScheme: redirectScheme) { (callbackURL, error) in
self.authenticationViewController = nil
if let url = callbackURL {
self.session?.resumeExternalUserAgentFlow(with: url)
} else {
let webAuthenticationError = OIDErrorUtilities.error(with: OIDErrorCode.userCanceledAuthorizationFlow,
underlyingError: error,
description: nil)
authenticationViewController.presentationContextProvider = self
/// ** Key Line of code -> `.prefersEphemeralWebBrowserSession`** allows for private browsing
authenticationViewController.prefersEphemeralWebBrowserSession = true
self.authenticationViewController = authenticationViewController
openedUserAgent = authenticationViewController.start()
} else {
let webAuthenticationError = OIDErrorUtilities.error(with: OIDErrorCode.safariOpenError,
underlyingError: AuthenticationManager.AuthenticationError.appInGuidedAccessMode,
description: nil)
return openedUserAgent
func dismiss(animated: Bool, completion: @escaping () -> Void) {
// Ignore this call if there is no authorization flow in progress.
if externalUserAgentFlowInProgress == false {
if authenticationViewController != nil {
} else {
extension OIDExternalUserAgentASWebAuthenticationSession {
/// Sets class variables to nil. Note 'weak references i.e. session are set to nil to avoid accidentally using them while not in an authorization flow.
func cleanUp() {
session = nil
authenticationViewController = nil
externalUserAgentFlowInProgress = false
extension OIDExternalUserAgentASWebAuthenticationSession: ASWebAuthenticationPresentationContextProviding {
func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
return presentingViewController.view.window!
Copy link

ast3150 commented Oct 8, 2020

Just add if #available(iOS 13, *) {...} around the line setting prefersEphemeralWebBrowserSession.

Copy link

iBolom commented Oct 8, 2020

i mean is there any solution to make permission dialog not appearing on lower versions than iOS 13.

Copy link

ast3150 commented Oct 8, 2020

Depending on the scenario you could use SFSafariViewController as an external user agent, check the discussion here: openid/AppAuth-iOS#402

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment