Open Radar

 
The CloudKit REST services and CloudKit JS are, ostensibly, a great way for developers to provide a web experience for their apps in addition to a native app. There is a problem, though: the iOS/Mac CloudKit SDK provides no way to fetch a session token. With the REST services the server replies with a `ckSession` token after a successful login. With the native SDK there is no login flow so there is no opportunity to receive a session token, nor is there a session token concept already represented in the framework.

This is a problem because it means that it’s impossible to authenticate a web service session from a native session on a device. This in turn means that *all* of the business logic for an app has to be represented both client-side and server-side, as the client can’t ask the back end to perform actions on its behalf. Hopefully it is clear that this is an unreasonable burden—in terms of person-hours required and in terms of technical overhead, as trying to exactly duplicate logic in different environments with different technologies and tools is not a simple task. Alternatively, the client could—by hand—implement one raw call to the CloudKit REST API and perform the authentication flow themselves, but this is kludgy and eliminates one of the key benefits of using CloudKit: entirely frictionless authentication.

Typical practice among identity providers (Facebook, Twitter, etc…) is to provide a user ID and auth token as part of the current session object, and in response to a successful login, in their SDK. API specifics aside, it seems clear that this is a critically missing component of the native CloudKit framework.