Julien Bodet

On iOS 13, the default user agent ([`OIDExternalUserAgentIOS`](https://github.com/openid/AppAuth-iOS/blob/master/Source/iOS/OIDExternalUserAgentIOS.m)) of AppAuth uses [`ASWebAuthenticationSession`](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) to present the authorization to the user. `ASWebAuthenticationSession` is the one who creates and present the view controller,...

> Same here, we can't let the user cancel login for a product that requires it, and it's a janky user experience to simply re-present the login view controller after...

From what I understand you successfully implemented the authorization flow using AppAuth, is that right? The "email verification flow" you mention seems to be beyond the scope of AppAuth and...

Session cookies set in `ASWebAuthenticationSession` (`SFAuthenticationSession` replacement for iOS12+) are not shared with the browser as per [documentation](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession).

Please ignore the referencing pull request above, it's an error and unrelated.

Pull request #315 already discussed the same error. The [conclusion](https://github.com/openid/AppAuth-iOS/pull/315#issuecomment-497896461) given by @WilliamDenniss was: > Steve and I spent a bit of time debugging this. Our conclusion is that the...

Interesting, this seems to be an Apple bug. Did you file a bug on their bug reporting?

@jongarate Thanks for the update. I would leave this issue opened for reference until it is fixed, if it ever happens.

Yes but what if there is multiple subsequent 302 responses? Actually once you get a 302 response you sync the cookies to `HTTPCookieStorage` and the new request is loaded by...