Skip to content

🐞 Insidious Bugs #3: Apple App Site Association File Identifiers

Troubleshooting Password AutoFill and Universal Links

by Michael Amundsen
A ladybug on a green leaf

The Bug

When creating an apple-app-site-association file, the documentation says to use your Application Identifier Prefix followed by the Bundle Identifier for your app​I​Ds key.

<Application Identifier Prefix>.<Bundle Identifier>
{
  "applinks": {
      "details": [
            {
              "appIDs": [ "ABCDE12345.com.example.app", "ABCDE12345.com.example.app2" ],
              "components": [ ... ]
            }
        ]
    },
    "webcredentials": {
      "apps": [ "ABCDE12345.com.example.app" ]
    }
}

Because I was not sure where to find our Application Identifier Prefix, I decided to watch the WWDC 2019 What‘s New in Universal Links video. It tells you:

The prefix may or may not be equal to your Team Identifier. Check the developer portal to confirm your app identifier.

In addition, I decided to check out WWDC 2020 What‘s new in Universal Links to make sure I had the most up to date information. It tells you:

The entitlement mentions your web server‘s domain name, and the web server mentions your app’s Application Identifier.

At this point, I was confused at what the difference between your App Identifier and Team Identifier was and wasn‘t sure where to get the answer.

Team Identifier is an identifier associated with your membership through the Apple developer program.

App Identifier is an identifier associated with the specific app on your developer account.

Following the first video, I went to the developer portal and found our Team Identifier in the membership section.

I used it in our apple-app-site-association file. The file was deployed and I went to the app and try out Password AutoFill and Universal Links requests. Nothing worked, yet the apple-app-site-association file passed validation. I was left wondering why.

The Solution

Hidden in the WWDC 2019 video I mentioned, they say:

The prefix may or may not be equal to your Team Identifier.

Depending on when the application you are working on was setup, your Team Identifier and App Identifier may or may not be the same. If your Team Identifier and App Identifier are not identical, the app will make Password AutoFill and Universal Links requests with the App Identifier instead, resulting in the feature not working.

To validate what identifier you need to use, visit the Identifiers tab of the Certificates, Identifiers & Profiles section of the developer page for your application.

In the list, find your Bundle Identifier and click on it in the list.

I had no idea that you could click on these items, because there is no indication that the items are selectable.

On this page, you will see App ID Prefix which is the value you must use for the apple-app-site-association file. The prefix may or may not be equal to your Team Identifier.

Example of App Identifier that is not the same as Team Identifier

Example of App Identifier that is the same as Team Identifier

Swap that out, deploy that to the web server, and test out Password AutoFill and Universal Links requests to see that they now work.

How We Got There

We came across this bug while working with a client. After a lot of validation and back and forth with our client‘s website team, we decided to look at the console logs the app was printing out when trying to make Password AutoFill requests. (Note: you must test on device for this feature to work.)

Upon going to a screen where we expected Password AutoFill, we noticed at the time the console was printing out an error saying that it could not complete the Password AutoFill request.

2021-05-21 12:59:49.798251-0400 Authorization failed: Error Domain=AKAuthenticationError Code=-7089 \"(null)\" UserInfo={AKClientBundleID=\"BUNDLE IDENTIFIER HERE”}

After discovering what I believe is a hidden page in the developer portal, we noticed that our app did not use the Team Identifier as its app‘s identifier. We had our client’s website team update the file to include the proper App Identifier, and now everything works!