Articles Projects About Subscribe
← All issues Newsletter

iOS Dev Weekly — Issue #46

Opening

Auth is quiet until it isn’t: more teams are changing domains, adding CDNs, or rebranding, and Sign in with Apple is the tripwire. The bugs aren’t Swift; they’re mismatched redirect URLs, AASA mistakes, and identity mapping that breaks returning users. Let’s fix what actually burns you in production.


This Week’s Big Story

Update Sign in with Apple Domains Without Breaking Login

Domain changes for Sign in with Apple look like DNS chores until they lock real users out. Miss a trailing slash on a redirect, swap a Service ID, or publish a bad AASA file and your logs fill with “canceled” errors while returning customers cannot get back in. The fix isn’t clever Swift; it’s a cautious migration plan that preserves identity and keeps both domains alive long enough to prove th…


Trend Signals

• Swift at Apple: Migrating the TrueType hinting interpreter to Swift signals continued confidence in Swift for performance-critical subsystems, not just app code. [Source: Swift.org Blog]

• “Hide My Email is about to be useless” is making the rounds; treat this as a nudge to re-check assumptions around email domains and login flows rather than panic. [Source: HackerNews]

• Tim Cook suggests price pressure from memory chips; if device ASPs rise, expect a longer tail of older OS versions in your user base—plan your minimum iOS support accordingly. [Source: HackerNews]

• Another “what juniors must learn” post is circulating; strip the hype and focus on fundamentals that shipped and stuck (concurrency, SwiftUI interop, testing). [Source: Medium]


Swift Snippet of the Week

import Foundation
import AuthenticationServices
import Observation

@MainActor
@Observable
final class AppleSignInCoordinator: NSObject, ASWebAuthenticationPresentationContextProviding {
    private let serviceID = "com.example.web" // Service ID (web)
    private let primaryDomain = URL(string: "https://auth.new.example.com")!
    private let legacyDomains: Set<String> = ["auth.old.example.com", "auth.new.example.com"]
    private let callbackScheme = "myapp" // keep custom-scheme working during UL cutover
    private var state = UUID().uuidString
    private var webSession: ASWebAuthenticationSession?

    func beginWebSignIn() {
        state = UUID().uuidString
        var c = URLComponents(url: primaryDomain.appending(path: "/oauth/apple/start/"), resolvingAgainstBaseURL: false)!
        c.queryItems = [
            .init(name: "client_id", value: serviceID),
            .init(name: "state", value: state),
            .init(name: "redirect_uri", value: "https://auth.new.example.com/auth/callback/") // server will also allow old host
        ]
        let url = c.url!
        let s = ASWebAuthenticationSession(url: url, callbackURLScheme: callbackScheme) { [weak self] url, error in
            guard let self, let url else { return }
// … (truncated for newsletter)

This coordinator bakes in the real-world judgment call: keep the Service ID stable, run dual domains, and preserve a custom-scheme callback so you can canary universal link changes without stranding existing accounts.


Community Picks

Apple’s weird anti-nausea dots cured my car sickness — If motion cues work at scale, re-evaluate motion-heavy UI in CarPlay and transit contexts.

Apple is about to make Hide My Email useless — Treat it as a prompt to harden email routing rules and avoid domain-specific whitelists.

Apple boss Tim Cook says prices to rise due to memory chip costs — Higher device costs could extend older hardware lifetimes; keep perf budgets honest on mid-tier devices.


Until Next Time

If you’re touching auth domains this quarter, read the full piece and ship a migration, not a gamble. I’d love to hear how you’re gating the redirect flip—feature flag, staged DNS, or both—hit reply or join the LinkedIn thread and share your playbook. Forward this to the teammate who owns your AASA and redirect config before your next deploy window.