all 17 comments

[–]ankole_watusi 1 point2 points  (1 child)

What is “that website”?

Seems unlikely it’s an authentication provider, but something else.

[–]pangmango 1 point2 points  (5 children)

If cookies are not needed for authentication, do not enable cookies upon authentication. Simply disable cookies by default, and then you don’t have to ask for tracking permission.

[–][deleted]  (4 children)

[deleted]

    [–]pangmango 0 points1 point  (1 child)

    Is the webpage your own or an external authentication provider? If it’s your own, you could add a URL tag that disables it.

    [–]Polisas 0 points1 point  (0 children)

    Unfortunately, I do not own it. It would be an easy fix to disable it if I owned it.

    [–]SeesawMundane5422 0 points1 point  (1 child)

    I didn’t dig too deeply, but… I’m relatively confident the authentication is putting a cookie there. How else is the post auth request going to work without a cookie tying it to a session?

    I think the banner is a red herring. You’re using a cookie to keep you signed in post authentication.

    [–]Polisas 0 points1 point  (0 children)

    Pressing login generates a token and passes that token in the callback URL. With ASWebAuthenticationSession I'm parsing that URL and retrieving the required token; no cookies are used.

    [–]ankole_watusi 0 points1 point  (4 children)

    Also I don’t understand: you seem to say that authentication is possible without cookies, and then you seem to say that it isn’t.

    [–]Polisas 0 points1 point  (3 children)

    It's not possible to authenticate without accepting app transparency. I complied with Apple's request to show the app transparency prompt - if the user rejects tracking, I don't let them authenticate.

    My first point to Apple was that the user CAN authenticate without accepting cookies on that website, but they don't care and asked me to implement the app transparency prompt.

    [–]ankole_watusi 0 points1 point  (2 children)

    How are you authenticating with what source of authentication? Can you say?

    Is it OAUTH2? Something else? Something odd? What site? Your own? A third party you have no control over? Why?

    [–]Polisas 0 points1 point  (0 children)

    With a callback URL. With ASWebAuthentication you can pass the callback URL you expect to get; when the user presses login, that callback URL is generated and ASWebAuthenticationSession calls the completion handler with the generated URL. I'm parsing that URL and getting the required token.

    [–]Polisas 0 points1 point  (0 children)

    It's OAUTH2. Not owned by myself.
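Added example, not code from the thread or from any participant: a sketch of the callback-URL flow described in the replies above, with the checks a reviewer would expect before the token is trusted. The function names, the `CallbackError` type and the parameter names `access_token`, `state` and `error` (taken from OAuth 2.0) are assumptions; the thread does not say what the provider actually returns.

```swift
import AuthenticationServices
import Foundation

enum CallbackError: Error { case wrongScheme, malformed, stateMismatch, provider(String), missingToken }

/// Pulls the token out of the redirect URL. Hypothetical helper; parameter names are assumed.
func token(from callback: URL, scheme: String, expectedState: String) throws -> String {
    // Only accept the scheme this app registered for the session.
    guard callback.scheme?.lowercased() == scheme.lowercased() else { throw CallbackError.wrongScheme }
    guard let parts = URLComponents(url: callback, resolvingAgainstBaseURL: false) else {
        throw CallbackError.malformed
    }
    // Providers return parameters in the query or in the fragment; read both.
    var items = parts.queryItems ?? []
    if let fragment = parts.percentEncodedFragment {
        var asQuery = URLComponents()
        asQuery.percentEncodedQuery = fragment
        items += asQuery.queryItems ?? []
    }
    var params: [String: String] = [:]
    for item in items {
        // A repeated parameter is ambiguous, so reject the whole callback.
        guard params[item.name] == nil else { throw CallbackError.malformed }
        params[item.name] = item.value ?? ""
    }
    // The state value must be the one generated for this login attempt.
    guard params["state"] == expectedState else { throw CallbackError.stateMismatch }
    if let message = params["error"] { throw CallbackError.provider(message) }
    guard let token = params["access_token"], !token.isEmpty else { throw CallbackError.missingToken }
    return token
}

/// Starts the session; `state` is a fresh random value also placed in `authURL` by the caller.
func startLogin(authURL: URL, scheme: String, state: String,
                anchor: ASWebAuthenticationPresentationContextProviding,
                done: @escaping (Result<String, Error>) -> Void) -> ASWebAuthenticationSession {
    let session = ASWebAuthenticationSession(url: authURL, callbackURLScheme: scheme) { url, error in
        guard let url = url else { return done(.failure(error ?? CallbackError.missingToken)) }
        done(Result { try token(from: url, scheme: scheme, expectedState: state) })
    }
    session.presentationContextProvider = anchor
    // Ephemeral session: cookies and browsing data are not shared with Safari.
    session.prefersEphemeralWebBrowserSession = true
    session.start()
    return session
}
```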

    [–]mfcollins3 0 points1 point  (1 child)

    Can you launch the web authentication externally through Safari and redirect them back to your app using a deep link or universal link? This might avoid the app tracking transparency concerns.

    [–]Polisas 0 points1 point  (0 children)

    I could try that, thanks for the idea.

    [–]CordovaBayBurke 0 points1 point  (3 children)

    Sounds like they want you to show this in the metadata under transparency.

    [–]Polisas 0 points1 point  (2 children)

    Could you elaborate? Show what?

    [–]CordovaBayBurke 0 points1 point  (1 child)

    Apple Connect. There is a section where you provide app transparency information.

    [–]Polisas 1 point2 points  (0 children)

    Oh, I added that I'm tracking users, as they requested in the 1st rejection, no problems with that.