| TestsTested | ✗ |
| LangLanguage | Obj-CObjective C |
| License | MIT |
| ReleasedLast Release | Dec 2014 |
Maintained by Alex Rouse.
RZSafariKeychain is a collection of class methods to make getting access to the user credentials in the keychain easier.
Easiest way to install is using cocopods, add this to your pod file to get it working.
pod 'RZSafariKeychain', '~> 0.1'
Alternatively you can just add the contents of the source folder to your project.
If you are building for iOS 7 + 8 you need to make sure that the system has access. There is a class method to do this + (BOOL)isSafariKeychainAvailable;
If the device has access to safari keychain you can then prompt the user for their credentials. Here is an example call
[RZSafariKeychain getAccountKeychainCredentialsWithCompletion:^(NSString *accountName, NSString *accountPassword, NSError *error) {
if ( error ) {
NSLog(@"Error getting safari Credentials: %@", error);
}
else {
if ( accountName != nil && accountPassword != nil ) {
self.emailAddressTextField.text = accountName;
self.passwordTextField.text = accountPassword;
}
else {
NSLog( @"Got back an invalid account name or password" );
}
}
}];
** The remainder of the readme is just a walkthrough to setting up the server/configuration side of Safari Keychain. **
This will look something like this:
{
"webcredentials": {
"apps": [ "YWBN8XTPBJ.com.example.myApp",
"YWBN8XTPBJ.com.example.myOtherApp" ]
}
}
Note that the service that is being used is 'webcredentials' and the value used for apps is in the form App-ID-Prefix.bundleID
An Important Note: The value above for YWBN8XTPBJ is the App ID Prefix. This is generally the same as your TeamID but this is not always the case! See here for more details: https://developer.apple.com/library/ios/technotes/tn2311/_index.html
Next you need to sign the json file to create an apple-app-site-association file. This can be done with the following script.
cat json.txt | openssl smime -sign -inkey example.com.key
-signer example.com.pem
-certfile intermediate.pem
-noattr -nodetach
-outform DER > apple-app-site-association
You will need to get the key and certificate for your webserver to pass in above as the -sign and -signer parameters.
Note that your actual command may be a bit different and most will not have a -certfile unless you have intermediate certificates.
The last step for the server side setup is to actually host the file. The location for it should be https://example.com/apple-app-site-association.
Also make sure that the Content-Type is application/pkcs7-mime
This is generally the easy part.
In XCode go to your Project File -> Capabilities -> Associated Domains and turn it on.
Inline in xCode hit the + and add your domain in the following format: service:Domain An example of this would be webcredentials:www.example.com. This will update your entitlements.plist to look something like this.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.associated-domains</key>
<array>
<string>webcredentials:www.example.com</string>
</array>
</dict>
</plist>
For most people you are done. Easy.
If something goes wrong there is the option to configure you app ID through the Developer portal which is also easy. Just navigate to your app id and add Associated Domains. After this you will also need to add your domains in the same format as above.
If you use an enterprise cert or if there is any other reason that you use a wildcard app id (anything with a * in it), this will be annoying... You will not be able to have an entitlements plist with these keys in it. To get around this you can have multiple entitlements plist files, one for Production and one for Enterprise/Wildcard. There is an code signing entitlements property on a projects build settings that you can use to differentiate based off of a build configuration
This is just a collection of links that I found helpful while implementing safari keychain.