enable sharing of the KeyChain across access groups | iOS Extension (Share Extension)

[desokroshan]

Hello,
I want to check is there a way we can getSession() in iOS Extension (Share Extension). As I need to access session token for my api calls. It is again loading Login View Controller while it should give same Identity. Like how I can enable sharing of the KeyChain across access groups.

I looked into AWSCognitoIdentityUser.m and in this function
-(AWSTask<AWSCognitoIdentityUserSession*> *) getSession and AWSUICKeyChainStore and where keychain is initialized.
We actually need to initialize keychain with custom Service and AccessGroup so that it can be accessed from extension.

Like currently it is like this in AWSCognitoIdentityUserPool
_keychain = [AWSUICKeyChainStore keyChainStoreWithService:[NSString stringWithFormat:@"%@.%@", [NSBundle mainBundle].bundleIdentifier, [AWSCognitoIdentityUserPool class]]];

while we want something like this in AWSCognitoIdentityUserPool where we can provide group and service
_keychain = [AWSUICKeyChainStore keyChainStoreWithService:@"OUR OWN SERVICE STRING" accessGroup:@"OUR OWN SHARE ACCESS GROUP"];

https://github.com/aws/aws-sdk-ios/blob/master/AWSCognitoIdentityProvider/AWSCognitoIdentityUserPool.m#L168

Originally opened by @qaisershehzad as sample issue#301.

[rohandubal]

@undefobj Want to get your thoughts on this, might be a good utility.

[rohandubal]

Marking this as a feature request pending discussion with team. @undefobj @muellerfr

[larryonoff]

I would like to like one more PR #1155 that adds ability to configure credentials sharing.

[james-ff]

+1 for this feature

[abemusic]

+1 as well. I commented on PR #1155 mentioned above. Trying to find any workaround that doesn't result in a poor experience for the user. Ideas anyone?

#1155 (comment)

[vpusher]

Hi there what the status on that feature request ? We would need it to build a share extension. Anyone has a good workaround ?

[aman-at-appinventiv]

Hi @vpusher ,
Right now I carry the idToken to my share extension using UserDefault however as the idToken is valid only for an hour I have to ask the users to open the host app, if more than 50mins have passed since the last refresh, which refreshes the idToken. However this still isn’t completely seamless fetching session from share extension would be the best implementation.

[abemusic]

I went a similar direction but send the refresh token so the user doesn’t need to open the app once per hour. Probably not the best way, but it works

[aman-at-appinventiv]

Hi @abemusic,
I don't understand what you mean by "send the refresh token". Are you sending the refresh token to your backend? or is there something I have missed to fetch idToken using refresh token.

[jorgefrazaocosta]

Hi @rohandubal, any updates about this feature?

[bdhazman]

I know this is an old feature request but it's one that I think a lot of us would appreciate. Is there any way we can help to get this implemented? There's been a few PRs that have taken a shot at it in the past and could be a good starting point.

[atierian]

We're tracking this in Amplify Swift here: aws-amplify/amplify-swift#2508