How to Login User Automatically Into The App With SFSafariViewController on iOS 9

The new SFSafariViewController was introduced during the WWDC15 and it’s built into iOS9. It enables you as a developer to deliver data to the app from your web service (site), avoiding any need for authorization so that the user feels a deep level of integration between the web version of your service (site) and the client mobile application. We’ve already built this feature into our project and want to share our mobile app development experience with you!

We’ve made a PDF-version of this article so you can read it later. Download

Imagine the following scenario:

  1. User sign up for some service in web interface
  2. User receive email with an invitation code and AppStore “download button”
  3. User clicks the AppStore “download button”
  4. App is downloading from the AppStore
  5. When user open an app his/her profile and info is already imported into the app.

AutoLogin User Flow in iOS9

AutoLogin User Flow in iOS9

In this article I’ll try to answer two questions:

  1. How does the invitation work?
  2. How is it implemented?

The trick is simple: when a user clicks on the special link, the website sets cookies in the Safari browser and navigates a user to the AppStore. When the app is opened, it displays Safari View Controller in a hidden UIWindow to open the website special link. When the app opens that page, the website tries to read cookies (that were set when the user clicked the download button in their email), and because Safari View Controller and Safari browser share cookies the website can easily read them and redirect info to the app via the URL scheme. Technically your site just redirects request to your custom scheme like:

that iOS interpreters as opening the app by URL scheme and pasting URL inside.

5 small technical steps need to be performed in order to achieve this: 3 steps on the iOS app part and 2 on the backend part.

iOS app part

1) Configure the URL scheme in the app (if the app already uses the URL scheme you can skip this step).


In the project navigator on the left, select your project name, and select your target, then select the Info tab. Expand the URL Types section and click the + button.

Here, you only need to add two things: an Identifier, and the URL scheme.

The Identifier should be a unique string. Apple recommends using a reverse-domain style name to ensure uniqueness. The URL Scheme is the thing that will actually launch the app. The URL scheme you are probably most familiar with is http://—the scheme that precedes all URLs on the web.

So now you can open the application by using the provided the URL Scheme, i.e.:

2) Open SFSafariViewController in the hidden window inside the mobile app

3) Handle redirection from your website to the app

Backend part

1) Set appropriate cookies in the Safari browser SetCookies.php

Or as an alternative – JavaScript code

2) Read the cookies and redirect to your app with required data ReadCookiesAndRedirect.php

Or as an alternative – JavaScript code


To summarise, Apple have introduced yet another handy feature that helps to improve user experience by breaking down a wall between services. So it doesn’t matter where the user last logged in or entered their information, all your service clients will be able to show their latest content. It is clear that this feature has at least one great potential implementation – guest apps can fully skip their sign-in process if the user is already logged in through Safari, giving a real WOW effect to people who are using the app.

That’s it!

Read More:

Give it a try. It only takes a click to unsubscribe.
April 1, 2016
  • thom c

    Between 3 and 4 in the diagram, is it going to Safari app to set the cookie? Can this cookie also be set when the user logs in / registers…. so that the link in the email goes straight to the App Store?

    • Vitaliy Malakhovskiy

      > Between 3 and 4 in the diagram, is it going to Safari app to set the cookie?
      Correct. When you click link in mail it redirects you to Safari and then Safari (after cookies set) redirects you to AppStore.

      > Can this cookie also be set when the user logs in / registers…. so that the link in the email goes straight to the App Store?
      There is no way to get if cookies is set from the mail app. There may be a case that user logs in from computer, and trick will not work.

  • Yehoshua Nagel

    How do you overcome 5.1.1.iv:
    “SafariViewContoller must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SafariViewController to track users without their knowledge and consent.” ?

    • Vitaliy Malakhovskiy

      There is no way to do that since iOS 10

  • Un Chin

    @vitaliymalakhovskiy:disqus Thanks for the useful article. We have tried it out and found that SafariViewController cannot get the cookie across each app, for example
    1. User ‘A’ posts a link, which would set the cookie when clicked, on Facebook.
    2. User ‘B’ clicks the link.
    3. User ‘B’ installs the app.
    4. User ‘B’ opens the app, and SafariViewController opens the URL to retrieve the cookie but unfortunately the cookie is not found.

    Do you still make it work on the iOS 10 and 11? Could you provide me some more guideline?

    Really appreciate for your help.