Unexpected system confirmation dialog when opening a Universal Link

Safari & Web General
Neurowork OP
Created 3w
Replies 4
Boosts 0
Views 827
Participants 2

Subject: Unexpected system confirmation dialog when opening a Universal Link

Description of the issue:

We’re implementing a login flow using Native iOS apps, Universal Links, and OpenID Connect authentication. Our domain is correctly configured with the apple-app-site-association file, and Universal Links work as expected.

However, under certain circumstances, the behavior differs on the same login page:

  1. The user connects to the OIDC provider in their mobile browser.
  2. Instead of automatically switching to the Native application, a popup asks the user to open the app.

The behavior depends on how the login page is opened:

  • When opened in a new browser tab, the Universal Link opens the app immediately without showing any system confirmation dialog.
  • When the same tab is reused without a page refresh, iOS displays a system confirmation dialog asking the user to open the link in the app. This confirmation dialog doesn’t appear in the first scenario.

This additional system dialog impacts the user experience, as we aim for a frictionless and seamless login flow with minimal confirmation steps.

Question: Why does the app switch work automatically only the first time?

Is this intentional iOS behavior? If so, what security requirement or system rule causes a confirmation dialog when reusing the same tab, but not when redirecting in a new tab or pressing a button on the reused tab? Is this expected design, or should we adjust our side to avoid this dialog?

Environment details:

  • Verified on two devices
  • iOS versions: 18.7.2, 26.1

Thanks for your help.

Replies  4
Boosts  0
Views  827
Participants  2
DTS Engineer OP
Apple
3w

Thank you for your post. Very interesting. Your observation regarding the behavior of Universal Links on iOS, where the app opens automatically in some instances but prompts a confirmation dialog in others, is intentional and aligns with iOS’s security and user experience considerations.

Apple implemented this confirmation mechanism partially due to security concerns. While this behavior is designed to enhance security and user control, Universal Links requires proper configuration of Apple-app-site-association files and associated domains. It is recommended to verify configurations using Apple’s validation tools to identify and resolve any technical inconsistencies. For more information, please refer to the following document: TN3155: Debugging universal links | Apple Developer Documentation

In my opinion, best practices for Universal Links and redirect handling should be adopted to optimize user experiences as much as possible. Oh remember the iOS will also remembers how the user want to handle each link.

Albert Pascual
  Worldwide Developer Relations.

0
Neurowork OP
2w

We did follow the debugging guide.

The issue here is to understand why it works correctly the first time, meaning that the Apple-app-site-association files and associated domains are configured correctly, and not the second time while remaining on the same tab.

We need help understanding what the security difference is between the first invocation and second knowing that it is the exact same website executed and javascript code executed on both attempts.

0
Neurowork OP
4d

Any update on this @DTS Engineer ? We are currently stuck in making progress on this issue. We'd appreciate guidance on what to do to avoid such behavior. As explained, we believe our Universal link are configured correctly since App switch works correctly initially.

0
DTS Engineer OP
Apple
4d

Thank you for your response and for taking the time to read the Technical Note. I believe you have now realized that Universal Links function consistently well, but there could be several reasons for their behavior deviating from expectations:

When encountering issues related to Apple-app-site-association files and associated domains, particularly when they function correctly on the first attempt but fail on subsequent attempts within the same tab, several potential security and configuration factors could be at play:

  • JavaScript Logic Errors:
    • Although you mentioned that the code execution is identical, race conditions or state mismanagement within your JavaScript could lead to differing outcomes on successive runs. Please verify for such possibilities.
  • Error Handling and Logs:
    • Enhance error handling surrounding the associated domain validation logic and ensure comprehensive logging to capture any discrepancies during the second invocation.

By systematically examining these areas, you should be able to identify discrepancies causing the differing behavior on subsequent invocations within the same tab.

I would recommend to follow the guidelines to just create a link following the Universal Links specification.

https://developer.apple.com/documentation/xcode/supporting-universal-links-in-your-app

You can always look at the sysdiagnose sw_util file to see how was handled as shown on the Tech Note.

You can always provide me the app for me to go over the Tech Note troubleshooting to find the issue of your javascript.

Will it work without javascript?

Albert Pascual
  Worldwide Developer Relations.

0
Unexpected system confirmation dialog when opening a Universal Link
First post date Last post date
 
 
Q