You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Apple rejected the submission of an app using the AppAuth library due to a missing Privacy Manifest. The specific error reported by Apple is ITMS-91065: Missing signature. It states that the app includes "AppAuth", which is identified as a privacy-impacting SDK, and requires a privacy manifest. Currently, it seems the AppAuth library does not include this required manifest, making it impossible to release apps on the App Store that use this library for OAuth 2.0.
To Reproduce
Steps to reproduce the behavior:
Create an app that uses the AppAuth library.
Submit the app to the App Store for review.
Wait for Apple to review the app.
The app will be rejected with an error related to a missing signature (privacy manifest).
Expected behavior
The application should pass App Store submission without any errors related to missing signatures or privacy manifest files.
Additional context
During the development of OAuth functionality using the AppAuth library, the AuthState is stored using Keychain to maintain user login state. This is the only piece of user information that is stored during the development process. Additionally, UserDefaults is used to store an internal system token, which is not provided by AppAuth (this might or might not be related to the rejection).
The rejection message from Apple was as follows:
"ITMS-91065: Missing signature - Your app includes 'Frameworks/AppAuth.framework/AppAuth', which includes AppAuth, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature."
Please provide guidance on how to add the Privacy Manifest or an updated version of the library that complies with the new Apple requirements.
The text was updated successfully, but these errors were encountered:
Describe the bug
Apple rejected the submission of an app using the AppAuth library due to a missing Privacy Manifest. The specific error reported by Apple is ITMS-91065: Missing signature. It states that the app includes "AppAuth", which is identified as a privacy-impacting SDK, and requires a privacy manifest. Currently, it seems the AppAuth library does not include this required manifest, making it impossible to release apps on the App Store that use this library for OAuth 2.0.
To Reproduce
Steps to reproduce the behavior:
Screenshots
Environment
macOS: 14.4.1
Xcode: 15.3
Carthage: 0.39.1
AppAuth: 1.7.5
Additional context
During the development of OAuth functionality using the AppAuth library, the AuthState is stored using Keychain to maintain user login state. This is the only piece of user information that is stored during the development process. Additionally, UserDefaults is used to store an internal system token, which is not provided by AppAuth (this might or might not be related to the rejection).
The rejection message from Apple was as follows:
"ITMS-91065: Missing signature - Your app includes 'Frameworks/AppAuth.framework/AppAuth', which includes AppAuth, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature."
Please provide guidance on how to add the Privacy Manifest or an updated version of the library that complies with the new Apple requirements.
The text was updated successfully, but these errors were encountered: