5

I am trying to use the Strong Password suggestion functionality in a SecureField using SwiftUI but it isn't working. Just wondering if I'm doing something wrong or it's a bug.

@State var password: String = ""
@State var confirmPassword: String = ""

var body: some View {
    
    VStack {
        SecureField("Password", text: $password) {
            // do something
        }
        .textContentType(.newPassword)
        SecureField("Confirm Password", text: $confirmPassword) {
            // do something
        }
        .textContentType(.newPassword)
    }
}

When I select the secureField it doesn't suggest a strong password.

Edit:

After further testing and comments below I have added an associated Domain and uploaded the following web credentials file to my webserver at example.com/.well-known/apple-app-site-association.txt:

{
        "webcredentials": {
                "apps": [ " TEAMID.com.example.AppName" ]
        }
}

My capabilities currently are Associated Domains and Autofill Credential Provider set to YES.

When I try to use Strong Passwords I get the following error message:

Cannot show Automatic Strong Passwords for app bundleID: com.example.AppName due to error: Cannot identify the calling app's process. Check teamID and bundleID in your app's application-identifier entitlement

Not sure where to go from here.

alionthego
  • 8,508
  • 9
  • 52
  • 125
  • 1
    I'm going through the exact issue. I'm also setting up the associated domains and now with the code in this post I get an auto fill option even though it's two secure fields marked as newPassword. Have you setup Associated Domains or trying to get this work without it? – mota Mar 17 '21 at 11:23
  • 1
    Also a related issue here: https://stackoverflow.com/q/64839212/408286 – mota Mar 17 '21 at 11:25
  • If I understand the issue right, you want SwiftUI make a new Password suggestion shown in fields, but it does not work, Maybe I can help you in this way, that we use a custom way for making Password suggestion. – ios coder Mar 17 '21 at 21:09
  • @mota I'm trying without associated domains which I wasn't aware of until reading your comment. do I need associated domains to make this work? the documentation is not very detailed but makes no mention of associated domains. – alionthego Mar 18 '21 at 12:18
  • 1
    @alionthego I think the associated domain is needed so Keychain knows what is the website to store this password for, otherwise it will be odd to suggest a strong password without saving it somewhere. The issue is it's hard to know if the Associated Domain setup is correct and I think that's where my problem is and probably your issue as well. See the following WWDC talks where they explain how this works: https://developer.apple.com/videos/play/wwdc2017/206/ https://developer.apple.com/videos/play/wwdc2018/204/ – mota Mar 18 '21 at 12:51
  • thanks for the video links. they were very useful. but unfortunately the problem exists. I added the associated domain and have the json file on my website but still no strong passwords. I get the following error: "Cannot identify the calling app's process. Check teamID and bundleID in your app's application-identifier entitlement". Updated question with error. – alionthego Mar 19 '21 at 22:21
  • @alionthego This is really hard to debug since Apple's CDN caches this file so it takes an unknown amount of time for them to get the new `apple-app-site-association`. One thing I noticed in your edit is the file should not have a `.txt` or any other extensions. Also in the Xcode project in the value of `webcredentials`, it must match what you have - if your website starts with "www." then add that, if it starts at "website.com" then add that, if at both then add both. And make sure the `apple-app-site-association` file is accessible without any redirects and on HTTPS- it won't work with HTTP. – mota Mar 21 '21 at 20:39
  • Regarding the error you posted, it seems that either your team ID or app bundle ID are incorrect. Your team ID can be found in your developer account. Once you sign in you should find the ID. Also if you go to identifiers and click on your App's ID you will find the team ID at the top. Let me know if you're still struggling, I just got this working after a few days so I might have a few tips that could help. – mota Mar 21 '21 at 20:42
  • There is a mismatch between the team ID but that is because when I upload it chooses the developer certificate and so it's a different team id. I've added the developer teamid to the association file but doesn't make any difference. Not sure how to force it to use the distribution certificate. – alionthego Mar 23 '21 at 11:36

2 Answers2

3

If you have setup the SecureFields with .newPassword and the "Associated Domains" appropriately, autofill upon sign-in and the suggestion of strong passwords should work on your device.

But be sure to have an iCloud account signed in and iCloud Keychain enabled. If this is not the case, it won't suggest strong passwords as it cannot sync them across devices. It will output some log as below:

[AutoFill] Cannot show Automatic Strong Passwords for app bundleID:
com.example.signin-playground due to error: iCloud Keychain is disabled

This testing can only be done on a real device because you cannot enable iCloud Keychain in the simulator.

pd95
  • 1,999
  • 1
  • 20
  • 33
2

If you want a new password to be suggested then you need to use the .newPassword text content type.

.password is for entering an existing password.

Paulw11
  • 108,386
  • 14
  • 159
  • 186
  • 2
    sorry. I've updated the post. I have already put .newPassword but not working. wondering if anybody else is having same issue. both on simulator and device. – alionthego Mar 14 '21 at 13:00
  • 1
    Yes. I'm running my app in Xcode 13.2 and iOS 15.2, and I'm facing this same issue. The Sign-In process to peek for saved passwords is working as expected. Indicating that the Associated Domain is well configured. But when I use `.newPassword` in TextContentType using the SecureField (SwiftUI) at the Sign-Up view, the keyboard doesn't show the "Passwords" header as it should. – Jorge Costa Dec 17 '21 at 10:22