iOS - SSO not working between mobile App and Safari (default) Browser
Describe the problem
No matter what we seem to do, once a user performs a successful log in to our Mobile App in iOS, SSO does not seem to be achieved with the Safari (default) browser.
Note that all the testing I have performed thus far is with the iOS Simulator simulating an iPhone 13 running iOS 15.0.
In our case, we are using Microsoft B2C as the IdP. We can see from examining the network traffic that a persistent Cookie is returned at the end of the login process which, according to the ASWebAuthenticationSession documentation, should then be made available to the external Safari Browser for SSO purposes.
We have a website which uses the same B2C login/IdP mechanism, and expect that once having manually logged into the App, the user should be able to go to Safari and access this website without needing to log in. This does not happen however, and the user is forced to log in again.
We have this working perfectly in Android (between app and website accessed via Chrome, the default browser), so I am confident any B2C configuration is correct. It also works perfectly if the mobile login pathway is replicated (by using the B2C login URL exactly as it is presented in the App) in the Safari browser on iOS, and the user then browses to the website (i.e., SSO is achieved).
From examining the web traffic, it seems that Safari just does not have the persistent Cookie present/available, and for this reason the user is forced to log in again.
What was the expected behavior?
Once the user manually logs into the App, they are then able to go to the browser and access the Website via SSO without needing to log in again.
Reproduction
- Log into a Mobile App on iOS which is configured to support SSO through a persistent Cookie
- Once logged in, using Safari (assuming this is the default browser), go to a website which uses the same IdP and attempt to log in; it should perform SSO, but instead asks the user to log in
Environment
- library version: 2.4.0
- RN 0.60.6
- ephemeralSession is set to false for the login
Firstly, I really wanted to confirm that this should be working as I expect, and it would be good to hear from anyone who may have something similar set up and working, so I at least know it is possible.
I am not sure where else I can really perform any further debugging, as there isn’t really any visibility once I see the Cookie returned in the successful login request, and I am just expecting it to be available in Safari as per Apple’s documentation.
Happy to provide further information if/as needed.
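Before concluding that the platform is at fault, one thing worth checking in the captured traffic is whether the cookie the IdP sets at the end of the login is actually persistent and carries the attributes an external browser needs to reuse it. The following is an added example, not code from the issue or from react-native-auth0: a small Set-Cookie inspector in JavaScript run over constructed header values (the cookie names, values and the login.example.com domain are made up). On iOS, ephemeralSession: false in react-native-auth0 corresponds to ASWebAuthenticationSession's prefersEphemeralWebBrowserSession being false, the mode in which the session's cookie store is shared with Safari; a cookie with no Expires/Max-Age, or with Max-Age=0, still disappears with the login session regardless of that setting.

```javascript
// Added example, not code from the issue or from react-native-auth0: inspect
// the Set-Cookie headers captured from the IdP's final login response and
// report whether each cookie is persistent and carries the attributes an
// external browser needs to reuse it. All header values below are constructed.

const SAMPLE_SET_COOKIE_HEADERS = [
  // constructed: a persistent, Secure, HttpOnly cookie scoped to the IdP host
  'idp_sso=tok-1; Domain=login.example.com; Path=/; ' +
    'Expires=Fri, 01 Jan 2027 00:00:00 GMT; Secure; HttpOnly; SameSite=None',
  // constructed: a session cookie (no Expires/Max-Age) that dies with the login session
  'idp_state=xyz; Path=/; Secure; HttpOnly',
  // constructed: Max-Age=0 is a deletion, not a persistent cookie
  'idp_legacy=old; Domain=.login.example.com; Path=/; Max-Age=0; Secure',
];

// Parse one Set-Cookie header value (RFC 6265 syntax) into a plain object.
// `now` is injectable so persistence can be evaluated at a fixed instant.
function parseSetCookie(header, now = Date.now()) {
  const [pair, ...attrParts] = header.split(';');
  const eq = pair.indexOf('=');
  const cookie = {
    name: (eq === -1 ? pair : pair.slice(0, eq)).trim(),
    value: eq === -1 ? '' : pair.slice(eq + 1).trim(),
    domain: null,
    path: null,
    expires: null,
    maxAge: null,
    secure: false,
    httpOnly: false,
    sameSite: null,
    persistent: false,
  };
  for (const part of attrParts) {
    const [rawKey, ...rest] = part.split('=');
    const key = rawKey.trim().toLowerCase();
    const val = rest.join('=').trim();
    switch (key) {
      case 'domain':
        // browsers ignore a leading dot; normalise so comparisons are simple
        cookie.domain = val.replace(/^\./, '').toLowerCase();
        break;
      case 'path':
        cookie.path = val;
        break;
      case 'expires': {
        const d = new Date(val);
        cookie.expires = Number.isNaN(d.getTime()) ? null : d;
        break;
      }
      case 'max-age': {
        const n = Number.parseInt(val, 10);
        cookie.maxAge = Number.isNaN(n) ? null : n;
        break;
      }
      case 'secure':
        cookie.secure = true;
        break;
      case 'httponly':
        cookie.httpOnly = true;
        break;
      case 'samesite':
        cookie.sameSite = val.toLowerCase();
        break;
      default:
        break; // unknown attributes are ignored, as browsers do
    }
  }
  // Max-Age takes precedence over Expires when both are present (RFC 6265, 5.3).
  if (cookie.maxAge !== null) {
    cookie.persistent = cookie.maxAge > 0;
  } else if (cookie.expires !== null) {
    cookie.persistent = cookie.expires.getTime() > now;
  }
  return cookie;
}

// Explain why a cookie would or would not be reusable for SSO from Safari.
function cookieIssues(cookie) {
  const issues = [];
  if (!cookie.persistent) {
    issues.push('not persistent: no Max-Age/Expires, Max-Age=0, or already expired');
  }
  if (!cookie.secure) {
    issues.push('missing Secure: an IdP session cookie should be HTTPS-only');
  }
  if (cookie.sameSite === 'none' && !cookie.secure) {
    issues.push('SameSite=None without Secure is rejected by current browsers');
  }
  if (!cookie.httpOnly) {
    issues.push('missing HttpOnly: script on the IdP origin can read the cookie');
  }
  return issues;
}

// Summarise every Set-Cookie header from a captured login response.
function inspectLoginResponse(setCookieHeaders, now = Date.now()) {
  return setCookieHeaders.map((h) => {
    const cookie = parseSetCookie(h, now);
    return { name: cookie.name, persistent: cookie.persistent, issues: cookieIssues(cookie) };
  });
}

console.log(JSON.stringify(inspectLoginResponse(SAMPLE_SET_COOKIE_HEADERS), null, 2));
```

Feed the function the real Set-Cookie values from the final redirect of the login flow; if the only cookie the IdP sets is a session cookie, Safari will never see it whatever the app does. The converse is also worth keeping in mind when the shared mode does work: a persistent cookie that Safari can reuse outlives the app's own logout, so the app's sign-out should also end the IdP session rather than only clearing local tokens.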
Issue Analytics
- Created 2 years ago
- Comments: 15 (7 by maintainers)
Top GitHub Comments
Hi @Widcket, I can confirm using a real device that the SSO works perfectly using a custom domain for both the app and the website in our case. Our test case of first logging into the App, then going to Safari and accessing the website, correctly performs SSO on the website and the user does not have to log in a second time.
It may also work without a custom domain, but we are planning on using a custom domain moving forward so this wasn’t a concern for us.
Thank you for your help working through this issue! It’s a bit of a shame the Simulator doesn’t work for this kind of functionality, but at least the real-world experience for our users will be as we want it to be.
Hi @Widcket, apologies for the delay; we are just trying to get some time to test on a real device, but hoping that will happen today for us. I need to get one of my colleagues to do the testing as I don’t have a physical iOS device.
I will report back as soon as I have an answer on that testing.