diff --git a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h index 12abc203c..e28c090f1 100644 --- a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h +++ b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h @@ -43,8 +43,8 @@ API_UNAVAILABLE(macCatalyst) @discussion The specific authentication UI used depends on the iOS version and accessibility options. iOS 8 uses the system browser, iOS 9-10 use @c SFSafariViewController, iOS 11 uses @c SFAuthenticationSession - (unless Guided Access is on which does not work) or uses @c SFSafariViewController, and iOS - 12+ uses @c ASWebAuthenticationSession (unless Guided Access is on). + (unless Guided Access or Assistive Access is on which does not work) or uses @c SFSafariViewController, and iOS + 12+ uses @c ASWebAuthenticationSession (unless Guided Access or Assistive Access is on). */ - (nullable instancetype)initWithPresentingViewController: (UIViewController *)presentingViewController @@ -54,7 +54,7 @@ API_UNAVAILABLE(macCatalyst) @param presentingViewController The view controller from which to present the browser. @param prefersEphemeralSession Whether the caller prefers to use a private authentication session. See @c ASWebAuthenticationSession.prefersEphemeralWebBrowserSession for more. - @discussion Authentication is performed with @c ASWebAuthenticationSession (unless Guided Access + @discussion Authentication is performed with @c ASWebAuthenticationSession (unless Guided Access or Assistive Access is on), setting the ephemerality based on the argument. */ - (nullable instancetype)initWithPresentingViewController: diff --git a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m index 4a8cda0a3..dced67743 100644 --- a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m +++ b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m @@ -24,6 +24,7 @@ #import #import +#import #import "OIDErrorUtilities.h" #import "OIDExternalUserAgentSession.h" 
@@ -100,8 +101,12 @@ - (BOOL)presentExternalUserAgentRequest:(id)request
 // iOS 12 and later, use ASWebAuthenticationSession
 if (@available(iOS 12.0, *)) {
- // ASWebAuthenticationSession doesn't work with guided access (rdar://40809553)
- if (!UIAccessibilityIsGuidedAccessEnabled()) {
+ BOOL assistiveAccessEnabled = NO;
+ if (@available(iOS 18.0, *)) {
+ assistiveAccessEnabled = AXAssistiveAccessEnabled();
+ }
+ // ASWebAuthenticationSession doesn't work with guided access (rdar://40809553) or assistive access
+ if (!UIAccessibilityIsGuidedAccessEnabled() && !assistiveAccessEnabled) {
 __weak OIDExternalUserAgentIOS *weakSelf = self;
 NSString *redirectScheme = request.redirectScheme;
 ASWebAuthenticationSession *authenticationVC =
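Review bot: The Assistive Access probe added ahead of the `UIAccessibilityIsGuidedAccessEnabled()` test is repeated line for line in the iOS 11 hunk that follows, so the two copies of the decision to skip the system authentication session can drift apart. A file-local helper keeps that decision in one place and lets each branch keep a single condition. `@available(iOS 18.0, *)` is only a runtime gate, so the call to `AXAssistiveAccessEnabled()` still has to compile against the build SDK; if the project supports SDKs older than iOS 18 (not visible on this page), the helper is also the one place to add a compile-time guard. The method body starts and ends outside the hunk.

```objc
/// Whether Assistive Access is on. Always NO below iOS 18, where this code cannot query it.
static BOOL OIDAssistiveAccessEnabled(void) {
  if (@available(iOS 18.0, *)) {
    return AXAssistiveAccessEnabled();
  }
  return NO;
}

// … unchanged: iOS 12 availability check …
    // ASWebAuthenticationSession doesn't work with guided access (rdar://40809553) or assistive access
    if (!UIAccessibilityIsGuidedAccessEnabled() && !OIDAssistiveAccessEnabled()) {
```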
@@ -136,32 +141,38 @@ - (BOOL)presentExternalUserAgentRequest:(id)request
 }
 // iOS 11, use SFAuthenticationSession
 if (@available(iOS 11.0, *)) {
- // SFAuthenticationSession doesn't work with guided access (rdar://40809553)
- if (!openedUserAgent && !UIAccessibilityIsGuidedAccessEnabled()) {
- __weak OIDExternalUserAgentIOS *weakSelf = self;
- NSString *redirectScheme = request.redirectScheme;
- SFAuthenticationSession *authenticationVC =
- [[SFAuthenticationSession alloc] initWithURL:requestURL
- callbackURLScheme:redirectScheme
- completionHandler:^(NSURL * _Nullable callbackURL,
- NSError * _Nullable error) {
- __strong OIDExternalUserAgentIOS *strongSelf = weakSelf;
- if (!strongSelf) {
- return;
- }
- strongSelf->_authenticationVC = nil;
- if (callbackURL) {
- [strongSelf->_session resumeExternalUserAgentFlowWithURL:callbackURL];
- } else {
- NSError *safariError =
- [OIDErrorUtilities errorWithCode:OIDErrorCodeUserCanceledAuthorizationFlow
- underlyingError:error
- description:@"User cancelled."];
- [strongSelf->_session failExternalUserAgentFlowWithError:safariError];
- }
- }];
- _authenticationVC = authenticationVC;
- openedUserAgent = [authenticationVC start];
+ if (!openedUserAgent) {
+ BOOL assistiveAccessEnabled = NO;
+ if (@available(iOS 18.0, *)) {
+ assistiveAccessEnabled = AXAssistiveAccessEnabled();
+ }
+ // SFAuthenticationSession doesn't work with guided access (rdar://40809553) or assistive access
+ if (!UIAccessibilityIsGuidedAccessEnabled() && !assistiveAccessEnabled) {
+ __weak OIDExternalUserAgentIOS *weakSelf = self;
+ NSString *redirectScheme = request.redirectScheme;
+ SFAuthenticationSession *authenticationVC =
+ [[SFAuthenticationSession alloc] initWithURL:requestURL
+ callbackURLScheme:redirectScheme
+ completionHandler:^(NSURL * _Nullable callbackURL,
+ NSError * _Nullable error) {
+ __strong OIDExternalUserAgentIOS *strongSelf = weakSelf;
+ if (!strongSelf) {
+ return;
+ }
+ strongSelf->_authenticationVC = nil;
+ if (callbackURL) {
+ [strongSelf->_session resumeExternalUserAgentFlowWithURL:callbackURL];
+ } else {
+ NSError *safariError =
+ [OIDErrorUtilities errorWithCode:OIDErrorCodeUserCanceledAuthorizationFlow
+ underlyingError:error
+ description:@"User cancelled."];
+ [strongSelf->_session failExternalUserAgentFlowWithError:safariError];
+ }
+ }];
+ _authenticationVC = authenticationVC;
+ openedUserAgent = [authenticationVC start];
+ }
 }
 }
 // iOS 9 and 10, use SFSafariViewController
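Review bot: Skipping `SFAuthenticationSession` when Assistive Access is on leaves only the fallbacks after this hunk (the trailing context line names `SFSafariViewController`), while the header comment touched by this commit still says ephemerality is set "based on the argument". If that fallback path does not apply `prefersEphemeralSession` (its code is outside the hunk), a caller that asked for a private session on a shared Guided Access or Assistive Access device may get a non-ephemeral browser session without being told. I would state this in the header, for example `@discussion When Guided Access or Assistive Access is on, a fallback user agent is used and @c prefersEphemeralSession is not applied.` The enclosing method continues past the end of the hunk.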