Recently I was working on client certificate-based authentication. The app is for enterprise, so is distributed through MDM. In my case it was MobileIron. Thus the app is using MobileIron mobile AppConnect SDK for iOS. The problem rose up when I managed to properly set the app configuration through MobileIron Core, but authentication still failed.
The process of authentication was driven by numerous redirects. Every next redirect response contained Set-Cookie header with cookies that were obviously important for next request caused by the response.
It is appeared that URLSession — for some reason I do not understand — loses cookies when handling redirects.
The workaround is to implement
urlSession(_ session: URLSession, task: URLSessionTask, willPerformHTTPRedirection response: HTTPURLResponse, newRequest request: URLRequest, completionHandler: @escaping (URLRequest?) -> Void)
method of URLSessionTaskDelegate like this:
Do not lose your cookies! As I did 🤷🏻♂️
Hope it will help someone!