TLDR: How to distinguish between a link that the app sends internally and a link that originates from outside of the app?
Details:
If a SwiftUI app has multiple windows (scenes), a window can be opened programmatically via a deep link as explained here.
Contextual data can be included in the link. For example a book id in a library app.
fancyLibraryApp:viewer/book/42
Add the following modifier to your view to process this url and to view a book.
var body: some Scene
{
Text("Title of \(book)").onOpenURL
{
self.id = $0.description.lastPathComponent //parse the url as appropriate
}
}
Book is a value or object that you retrieve from the id passed through the url. The id should be a binding so that the view gets updated.
A link can be send from elsewhere within your app but it can also be send from an external source such as safari or the Terminal app (open fancyLibraryApp:viewer/book/42).
Therefore the url must be validated. Is the user allowed to read this book or not? Is the user logged in or not?
Apple explains how to validate an incoming url here, but only for iOS.
NSApplicationDelegate has a function application(_ application: NSApplication, open urls: [URL])
However that function is called after the view modifier onOpenURL.
So how can the url be verified?
