Log in to Websites with ASWebAuthenticationSession

What is ASWebAuthenticationSession?

ASWebAuthenticationSession is a class in Apple’s Authentication Services framework that simplifies logging into websites from iOS and Mac apps. When you create and start an instance of ASWebAuthenticationSession, a private browser window opens for someone to sign into a website.

When would you use ASWebAuthenticationSession? Use it if your app needs to log into a website. Suppose you’re writing a Twitter app like Tweetbot or Twitterific. The first time someone launches your app, they need to sign into Twitter so they can use your app.

Add a Custom URL Type for Your App

When someone finishes logging in to the website, they should go back to your app. You must add a URL type to your app to go back to the app.

Select your app target from the project editor and click the Info button at the top to add a URL type to the app.


Give your URL type a name in the Identifier text field. Enter the URL type in the URL Schemes text field. The type should take the following form:

Create a Class for the Login Session

To use ASWebAuthenticationSession you must add a class to hold the login session.

The ASWebAuthenticationSession class is part of the Authentication Services framework so you must import that framework.

The class must conform to the ASWebAuthenticationPresentationContextProviding protocol. Inheriting from NSObject is the easiest way to conform to the protocol. Conforming to ObservableObject isn’t mandatory, but it helps for SwiftUI apps.

Add a Presentation Anchor

The login session requires a presentation anchor, which is a window to show the login session.

ASPresentationAnchor is an instance of UIWindow on iOS and an instance of NSWindow on Mac.

Create an ASWebAuthenticationSession Instance

Now you can create an instance of ASWebAuthenticationSession. You must supply the following arguments:

  • The URL of the website to log in.
  • The callback URL, the URL to go when the login session finishes.
  • A completion handler closure (function) that runs when the session finishes successfully.

The callback URL is the custom URL type you created for the app, minus the ://.

The code looks like the following:

You should use ephemeral web browser sessions. If you set prefersEphemeralWebBrowserSession to false, information from previous sessions will be available in the session.

If you need to make any async calls in the completion handler, wrap them in a Task block. ASWebAuthenticationSession does not support Swift’s async await concurrency features.

You can see an example of using ASWebAuthenticationSession to sign in to Jira’s website in the following article:

Rija Development: OAuth Authorization