Developer Console
Sign In
Sign In
Developer Console

Customer Experience in iOS apps

In this section, you will learn about the login flow your customers will experience when they use Login with HAQM within your iOS app. The Login with HAQM SDK for iOS handles the entire login flow from signing in, to obtaining customer consent, to sharing profile information (if you requested it), to finally redirecting the customer back to your iOS app.

Step 1: The Login with HAQM Button

The login flow always begins when your customer clicks a "Login with HAQM" button in your iOS app. We recommend placing these branded buttons on your app’s sign in and registration screens. You can also place Login with HAQM buttons in your app’s header or footer to enable a quick way for your customers to login to your app using their HAQM credentials.

LWA button in iOS app

For instructions on implementing Login with HAQM buttons, see our Getting Started Guide for iOS.

Step 2: The Login Flow

The Login with HAQM SDK for iOS will automatically provide each of your customers with one of the login flows below:

Single Sign-on flow using the HAQM Mobile Shopping app

If your customer is already signed into the HAQM Mobile Shopping app on their iOS device when they click the "Login with HAQM" button, they will not be prompted to enter their HAQM account credentials. Instead, the Login with HAQM SDK for iOS will recognize the customer’s authentication to the HAQM Mobile Shopping app, and use that same account information to log them into your iOS app. The customer will only need to provide one-time consent to share their profile information with your app (if your app is requesting it).

In this flow, a user visits your iOS app (A). They click the Login with HAQM button (B) and get redirected to a secure, branded page within the HAQM Mobile Shopping app which requests their consent (C) to allow your app access to their profile data. If they have already consented, or if your app is not requesting a scope which requires consent, this step will be skipped. HAQM then redirects the user from the consent screen back to your app (D).

SSO cx flow chart

Single Sign-On using embedded web view (iOS 11 and above)

If your customer is using a device running iOS 11 or above, Login with HAQM will provide them with a secure, branded screen where they can enter their HAQM account credentials to log in to your app. The login screen is displayed securely within your app using SFAuthenticationSession if the customer is using a device with iOS 11, and it will be displayed using ASWebAuthenticationSession for devices with iOS 12 and above. After successfully signing in, the customer will need to provide one-time consent to share their profile information with your app (if your app is requesting it). These two authentication sessions function very similarly to the SVC flow below.

SSO is ideal for a login experience, as it does not require your customers to launch other apps or their browser (navigating away from your app in the process) to sign in. The reason why this is replacing SSO using the HAQM Mobile shopping app is because of potential security risks with redirecting to other apps. It also does not require you to build your own in-app web view to handle the content (which is both time consuming, and a potential security risk, as the native web view has control over sensitive information entered by customers).

In this flow, a user visits your iOS app (A). They click the Login with HAQM button (B) and get redirected to a login screen in an embedded web view within your app (C). After entering their HAQM account credentials, the web view updates and requests consent to allow your app access to their profile data (D). If they have already consented, or if your app is not requesting a scope which requires consent, an acknowledgment page will be shown instead. HAQM then closes the web view so the user can proceed in your app (E).

SVC cx flow chart

Safari View Controller flow (iOS 9 and above)

If your customer is using a device running iOS 9 or above, Login with HAQM will provide them with a secure, branded screen where they can enter their HAQM account credentials to login to your app. If the customer is using a device with iOS 9 or above, the login screen is displayed securely within your app in Safari View Controller (SVC). After successfully signing in, the customer will need to provide one-time consent to share their profile information with your app (if your app is requesting it).

Apple introduced SVC in iOS 9, and it enables apps to launch external web content in a "miniature", in-app version of Safari. SVC is ideal for a login experience, as it does not require your customers to launch other apps or their browser (navigating away from your app in the process) to sign in, and it does not require you to build your own in-app web view to handle the content (which is both time consuming, and a potential security risk, as the native web view has control over sensitive information entered by customers).

In SVC flow, a user visits your iOS app (A). They click the Login with HAQM button (B) and get redirected to a login screen in an SVC window within your app (C). After entering their HAQM account credentials, the SVC window updates and requests consent to allow your app access to their profile data (D). If they have already consented, or if your app is not requesting a scope which requires consent, this step will be skipped. HAQM then closes the SVC window so the user can proceed in your app (E).

The Single Sign-on (SSO) aspect of the SVC flow only works for iOS 9 + 10. Apple disabled the sharing of cookies between Safari View Controller and Safari in iOS 11 and above. This means that for customers using iOS 11 and above, they will have to sign in multiple times to different apps instead of just once. To enable support for SSO for iOS 11 and above, please update to Login with HAQM version 3.1.0 or above.

SVC cx flow chart

System browser flow (iOS 8 and below)

If your customer does not have the HAQM Mobile Shopping app installed to their device, or they aren’t signed into it, Login with HAQM will provide them with a secure, branded screen where they can enter their HAQM account credentials to login to your app. If the customer is using a device with iOS 8 or below, the login screen is displayed securely in their system web browser (generally Safari). After successfully signing in, the customer will need to provide one-time consent to share their profile information with your app (if your app is requesting it).

In system browser flow, a user visits your iOS app (A). They click the Login with HAQM button (B) and get redirected out of the app and into a secure, HAQM-branded login screen in their system browser (C). After entering their HAQM account credentials, another secure, HAQM-branded page opens in their system browser and requests consent to allow your app access to their profile data (D). If they have already consented, or if your app is not requesting a scope which requires consent, this step will be skipped. HAQM then redirects the user from their browser window back to your app (E).

System browser cx flow chart

Step 3: The Login Screen

In both SVC and system browser flow, the HAQM customer will see the login screen immediately after clicking a Login with HAQM button.

LWA login screen

The HAQM-branded login screen consists of the following:

  • The app name you select when you register with Login with HAQM.
  • A Forgot your password? link the customer can click to reset their HAQM.com password.
  • Fields for the customer to enter in their HAQM.com account credentials.
  • A Show password checkbox the customer can select to display the password they're typing in. By default, the password will be shown.
  • A Keep me signed in checkbox the customer can select to skip the login and consent screens the next time they visit your app and use Login with HAQM. Instead, the next time they log in to your app they will see an acknowledgement screen (below), where they can click Continue to login to your app with their HAQM account credentials.
    LWA acknowledgement screen
  • A secure Sign in button the customer can click when they’re ready to authenticate to HAQM using their account credentials. Clicking Sign in will redirect the customer to the consent screen, or to your app, as described in the Login Flows sections above.
  • A Create a new HAQM account button the customer can click to create a new account, then sign into your app.
  • A list of benefits for using Login with HAQM, and a Learn More link the customer can click for more details.
  • Links to the Conditions of Use and Privacy Notice relevant to their usage of Login with HAQM.

If your app requests access to a customer’s profile information (such as their name, email address, or postal code), the customer will be made aware of this via the consent screen.

LWA consent screen

The HAQM-branded consent screen consists of the following:

  • A drop-down list showing the customer's name in the upper, right corner. Clicking the drop-down arrow will allow the customer to choose another HAQM account to authenticate with.
  • The app name and logo you provide when you register with Login with HAQM.
  • A list of each permission requested by your app.
  • An I agree button the customer can click if they agree to share their information. Clicking I agree will redirect the customer back to your app as described in the Login Flows sections above.
  • A Cancel button the customer can click if they do not agree to share their information. Clicking Cancel will bring the customer back to your app unauthenticated.
  • A Your Account link the customer can click to remove permissions they've granted to apps via Login with HAQM.
  • A link to the privacy policy for your app that you provide when you register with Login with HAQM.

Step 5: Success!

After a customer has completed the login flow, they are automatically redirected back to your iOS app.