Redirecting user into iOS application when reseting password

Question

Currently, I am triggering password reset like this:

  static func firebasePasswordReset(email:String, responseError:@escaping (ResponseError?)->Void, completion:@escaping (
        String)->Void){

        Auth.auth().sendPasswordReset(withEmail: email) { (error) in
            if(error != nil){
              responseError(ResponseError.custom(error?.localizedDescription ?? "Unknow error occured. Please try again."))
            }else{
                completion(NSLocalizedString("Password reset link sent. Please check \(email).", comment: ""))
            }
        }
    }

Though, everything works fine, and link to the appropriate email is sent, a user gets a link that I have set in Firebase console for my website.

So it is https://myprojectname/reset-password.html page.

Now, for iOS users, I don't want them to go to site to reset their password. I want to redirect them to an app, and open a form in their iOS app. Is this somehow possible?

Answer 1

1- AppDelegate

func application(_ application: UIApplication, continue userActivity: NSUserActivity, restorationHandler: @escaping ([Any]?) -> Void) -> Bool {
        if let url = userActivity.webpageURL {
            if url.path.range(of: "/reset-password.html") != nil {
                if let passwordToken = url.getQueryItemValueForKey("token") {
                    let resetPasswordController= ResetPasswordController()
                    resetPasswordController?.passwordToken = passwordToken
                    self.window?.rootViewController = resetPasswordController
                    self.window?.makeKeyAndVisible()
                }
            }
        }

        return true
    }

2 - Add your domain to associated-domains in entitlements.

<key>com.apple.developer.associated-domains</key>
<array>
    <string>applinks:www.yourdomain.com</string>
    <string>applinks:yourdomain.com</string>
</array>

3- Create apple-app-site-association file

Create a apple-app-site-association file which's mime-type is json but without file extension. YOUR_APP_ID is someting like XXXXXXX.com.mycompany.projectname

And be sure it must be accesible via public https://yourdomain.com/apple-app-site-association with the content-type of application/json

{
   "applinks": {
   "apps": [],
   "details": [
      {
         "appID": "YOUR_APP_ID",
         "paths": [
            "/reset-password.html*"
         ]
      }
    ]
}

Update: You must also serve apple-app-site-association file with https. https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html

4- In the email, link should contain a password token, something like this,

<a href="http://yourdomain.com/reset-password.html?token=BLABLABLABLABLABLABAL">Reset Your Password</a>

5- Final

Create a password reset form in your ResetPasswordController ,

Approach one: When user submit form send the token to your server. Check if token exist etc. return true or false from your API.

Approach two: Check if token exist via API then show your reset form.