aws-sdk-ios
enable sharing of the KeyChain across access groups | iOS Extension (Share Extension)
Hello, I want to check whether there is a way we can call getSession() in an iOS extension (Share Extension), as I need to access the session token for my API calls. It is again loading the Login View Controller, while it should give the same identity. How can I enable sharing of the keychain across access groups?
I looked into AWSCognitoIdentityUser.m, at the function -(AWSTask<AWSCognitoIdentityUserSession*> *) getSession, and at AWSUICKeyChainStore and where the keychain is initialized. We actually need to initialize the keychain with a custom service and access group so that it can be accessed from the extension.
Currently it is like this in AWSCognitoIdentityUserPool:
_keychain = [AWSUICKeyChainStore keyChainStoreWithService:[NSString stringWithFormat:@"%@.%@", [NSBundle mainBundle].bundleIdentifier, [AWSCognitoIdentityUserPool class]]];
while we want something like this in AWSCognitoIdentityUserPool, where we can provide the group and service:
_keychain = [AWSUICKeyChainStore keyChainStoreWithService:@"OUR OWN SERVICE STRING" accessGroup:@"OUR OWN SHARE ACCESS GROUP"];
https://github.com/aws/aws-sdk-ios/blob/master/AWSCognitoIdentityProvider/AWSCognitoIdentityUserPool.m#L168
Originally opened by @qaisershehzad as sample issue#301.
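The post above asks for a keychain store bound to a shared service and access group. As an added example (not SDK code and not from any participant in this thread), this is what such a store comes down to when written directly against the Security framework: the host app writes a token into a shared access group and the extension reads it back. The service string, access group and function names are hypothetical placeholders, and both targets are assumed to list the same group in their Keychain Sharing entitlement.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical placeholders: use your own service string and an access group
// that appears in the keychain-access-groups entitlement of BOTH targets.
static NSString *const kSharedService     = @"com.example.shared-session";
static NSString *const kSharedAccessGroup = @"TEAMID.com.example.shared";

// Attributes that identify one item inside the shared access group.
static NSMutableDictionary *SharedItemQuery(NSString *account) {
    return [@{
        (__bridge id)kSecClass:           (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService:     kSharedService,
        (__bridge id)kSecAttrAccount:     account,
        (__bridge id)kSecAttrAccessGroup: kSharedAccessGroup,
    } mutableCopy];
}

// Host app side: store (or overwrite) a token in the shared group.
BOOL SharedKeychainStoreToken(NSString *token, NSString *account) {
    NSMutableDictionary *item = SharedItemQuery(account);
    SecItemDelete((__bridge CFDictionaryRef)item);  // drop any stale copy first
    item[(__bridge id)kSecValueData] = [token dataUsingEncoding:NSUTF8StringEncoding];
    // Readable only while the device is unlocked; never migrated to another device.
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL) == errSecSuccess;
}

// Extension side: read the token back; returns nil when it is unavailable.
NSString *SharedKeychainReadToken(NSString *account) {
    NSMutableDictionary *query = SharedItemQuery(account);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) {
        // Typically errSecItemNotFound, or errSecMissingEntitlement when the
        // calling target is not entitled to the access group.
        return nil;
    }
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```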
@undefobj Want to get your thoughts on this, might be a good utility.
Marking this as a feature request pending discussion with team. @undefobj @muellerfr
I would like to link one more PR, #1155, that adds the ability to configure credentials sharing.
+1 for this feature
+1 as well. I commented on PR #1155 mentioned above. Trying to find any workaround that doesn't result in a poor experience for the user. Ideas anyone?
https://github.com/aws-amplify/aws-sdk-ios/pull/1155#issuecomment-618123577
Hi there, what's the status on that feature request? We would need it to build a share extension. Does anyone have a good workaround?
Hi @vpusher, right now I carry the idToken to my share extension using UserDefault. However, as the idToken is valid only for an hour, I have to ask the users to open the host app if more than 50 mins have passed since the last refresh, which refreshes the idToken. However, this still isn't completely seamless; fetching the session from the share extension would be the best implementation.
I went in a similar direction but send the refresh token so the user doesn't need to open the app once per hour. Probably not the best way, but it works.
Hi @abemusic, I don't understand what you mean by "send the refresh token". Are you sending the refresh token to your backend? Or is there something I have missed to fetch the idToken using the refresh token?
Hi @rohandubal, any updates about this feature?
I know this is an old feature request but it's one that I think a lot of us would appreciate. Is there any way we can help to get this implemented? There's been a few PRs that have taken a shot at it in the past and could be a good starting point.
We're tracking this in Amplify Swift here: https://github.com/aws-amplify/amplify-swift/issues/2508