Disable or Suppress Cookie Consent on OAuth Login

Feature Requests
1

Our iOS app was rejected during App Store review because Square’s OAuth login flow now presents a “Manage Cookies” dialog before authentication. For a simple login flow, this dialog adds friction and creates a poor user experience.

More importantly, the presence of a cookie consent screen implies user tracking, which creates issues during App Review—even though our app uses ASWebAuthenticationSession and explicitly sets the session to be ephemeral. In this configuration, cookies are neither persisted nor accessible to the app, making the consent dialog functionally irrelevant for native iOS OAuth.

We’d like to request one of the following options:

  • Remove or suppress the cookie consent dialog for OAuth login flows, or

  • Provide a supported way (such as a request header or OAuth parameter) to pre-select “none” or otherwise bypass the consent screen when cookies are not used.

This would significantly improve the login experience for native apps and help prevent unnecessary App Store rejections.

Thank you for considering this request.

2

Do you have a screenshot of the cookie consent that your referring to? I don’t recall that we have one with OAuth. :slight_smile:

3

Screenshot-0209-130401
Screenshot-0209-1304011640×2360 237 KB

4

Are you using the traditional OAuth flow or PKCE? :slight_smile:

5

original, vanilla oauth

6

Does this only happen on mobile devices? :slight_smile:

7

I don’t know… it is within our app, so yes.

But that’s not why it is happening–it is happening because the nature of the page visit is ephemeral. It would ignore all prior cookies/preferences and cache, which is what we want for a clean login.

In the case of the app review they are probably using a simulator that has never been to square.com before.

I realize this is probably a big ask, but it is also something that should be affecting all partners developing iOS apps that use OAuth.