System Alert During Logout When Using Non-Ephemeral Sessions In iOS Swift SDK

Overview

This article explains why a system alert appears when attempting to log out while using the Auth0.swift Software Development Kit (SDK). This occurs when the prefersEphemeralWebBrowserSession flag is set to false. The following alert is displayed to the end user:

 

Apple wants to use <domain> to sign in

 

Applies To

  • Auth0.swift SDK
  • iOS

Cause

The alert is a mandatory security feature enforced by the iOS operating system. The application and the Safari browser exist in separate sandboxes. When prefersEphemeralWebBrowserSession is set to false, the application requests to share cookies between these environments to facilitate Single Sign-On (SSO). Apple requires that whenever an application attempts to access or modify data, such as clearing a cookie, within the shared Safari space, the user must explicitly grant permission via a system alert. This alert is not controlled by the Auth0.swift SDK.

Solution

Because of the iOS ASWebAuthenticationSession architecture, there is no method to silently clear browser cookies in a non-ephemeral session without triggering the system alert.

To remove the alert box, the application must avoid clearing the federated session.

  1. Modify the implementation to avoid calling clearSession(federated:).

  2. Review the following documentation for details on disabling the alert box: Auth0.swift FAQ: How can I disable the logout alert box.

NOTE: Disabling the alert by skipping the federated session clearance results in the session cookies remaining in the browser.
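One way to implement step 1, as an added example that is not code from the original article or from the Auth0.swift project: log out locally by revoking and clearing stored credentials, and because the session cookie stays in the shared browser, request the login page explicitly on the next sign-in. It assumes Auth0.swift 2.x configured through Auth0.plist, a hypothetical SessionController class, and the standard OIDC prompt=login parameter.

```swift
import Auth0

// Hypothetical wrapper class; assumes ClientId and Domain come from Auth0.plist.
final class SessionController {
    private let credentialsManager = CredentialsManager(authentication: Auth0.authentication())

    // Local logout: no ASWebAuthenticationSession is started, so iOS shows no alert.
    // revoke() invalidates the stored refresh token on the server and then
    // removes the credentials from the Keychain.
    func logout(completion: @escaping (Bool) -> Void) {
        credentialsManager.revoke { result in
            switch result {
            case .success:
                completion(true)
            case .failure(let error):
                // Revocation failed (for example, the device is offline).
                // Still remove the local credentials so the app is signed out.
                print("Token revocation failed: \(error)")
                completion(self.credentialsManager.clear())
            }
        }
    }

    // The session cookie is still present in the shared browser after logout().
    // prompt=login asks the authorization server to show the login page
    // instead of silently signing the previous user back in.
    func login(completion: @escaping (Bool) -> Void) {
        Auth0
            .webAuth()
            .scope("openid profile offline_access") // offline_access yields a refresh token to revoke later
            .parameters(["prompt": "login"])
            .start { result in
                switch result {
                case .success(let credentials):
                    completion(self.credentialsManager.store(credentials: credentials))
                case .failure(let error):
                    print("Login failed: \(error)")
                    completion(false)
                }
            }
    }
}
```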
