A bonus feature in this chapter is Safari's Shared Web Credentials. Shared Web Credentials allow your app to use login information from Safari's keychain in order to simplify the login process for your users. Through this technique you automatically store user credentials safely and securely. As an added benefit, these credentials automatically synchronize through iCloud keychain.

To enable this feature, you need to add some extra information to the apple-app-site-association file. Next to the applinks dictionary, you need to add a webcredentials dictionary:

{ 
    "applinks": { 
        // existing information 
    }, 
    "webcredentials": { 
        "apps": [ 
            "6AB81RGQLO.com.donny.recipes" 
        ] 
    } 
} 

All you need to specify is a list of application identifiers that you want to share credentials with. You also must update your Associated Domains capability with a webcredentials: key:

This is all the setup you need to enable Web Credentials. Your app can now query Safari for existing login information to make the login process as smooth as possible for your users.

The next step is to obtain login credentials from Safari. The following code snippet can be used to take care of this:

SecRequestSharedWebCredential(nil, nil) { credentialsArray, error in 
    guard let credentials = credentialsArray as? [AnyObject], 
        let credentialEntry = credentials.first 
        else { return } 
     
    let userName = credentialEntry[kSecAttrAccount as String] 
    let password = credentialEntry[kSecSharedPassword as String] 
     
    // log in with fetched credentials 
} 

If you have logged a user in with shared credentials and your application has the option for users to change their password, or if a completely new user has registered in your application, it's probably a good idea to supply these new credentials to Safari as well. This makes sure that the next time a user wants to log in to your website, their Safari keychain is up to date and they will automagically log in with their new credentials:

SecAddSharedWebCredential("www.familymoviesapp.com" as CFString, 
                          "SomeUserName" as CFString, 
                          "APassword" as CFString?) { error in 
                             
    // handle errors if desired 
} 

The snippet above adds a new entry to Safari's keychain. Safari will take care of managing duplicates on its own so you don't have to worry about that yourself.

This is all you should know about shared Web Credentials. This technique is really powerful if you're looking to create a secure, safe, and seamless experience for users that switch between your app, website, and maybe the same app on a different device. Because the iCloud keychain is synchronized on multiple devices, any credentials you manage with this technique are synchronized across devices as well.