// Native iOS leaf recipe for test-only auth bypass deep links using Revyl launch arguments.
| name | revyl-cli-auth-bypass-ios |
| description | Native iOS leaf recipe for test-only auth bypass deep links using Revyl launch arguments. |
Use this leaf skill when revyl-cli-auth-bypass has selected a native iOS app. This is app code guidance, not a Revyl authentication shortcut.
For the first-pass setup, start from revyl-cli-auth-bypass; it detects the stack, applies the shared safety contract, and delegates here for Swift/iOS implementation details.
revyl dev list, screenshots, or reports can answer the question..claude/skills slash-command discovery plus WebFetch/WebSearch or configured MCP/browser tools; Cursor .cursor/skills plus .cursor/rules/revyl-skills.mdc and available MCP/browser tools.revyl device screenshot or revyl device report instead of claiming browser access.Use one app-specific deep link shape:
myapp://revyl-auth?token=<token>&role=<role>&redirect=<allowlisted-route>
Revyl launch variables arrive in iOS simulator apps as launch arguments, for example:
-REVYL_AUTH_BYPASS_ENABLED true -REVYL_AUTH_BYPASS_TOKEN <token>
Info.plist: register the app URL scheme.myapp://revyl-auth.Register an app-specific scheme such as myapp in Info.plist:
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>myapp</string>
</array>
</dict>
</array>
Keep session creation app-specific and explicit:
import Foundation
private let allowedRedirects: [String: AppRoute] = [
"/account": .account,
"/checkout": .checkout,
"/cart": .cart
]
private let allowedRoles: Set<String> = ["buyer", "support"]
func launchValue(_ key: String) -> String? {
let args = ProcessInfo.processInfo.arguments
guard let index = args.firstIndex(of: "-\(key)") else { return nil }
let valueIndex = args.index(after: index)
return args.indices.contains(valueIndex) ? args[valueIndex] : nil
}
func queryValue(_ name: String, in url: URL) -> String? {
let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems ?? []
return items.first(where: { $0.name == name })?.value
}
func handleRevylAuthBypass(_ url: URL) throws -> Bool {
guard url.scheme == "myapp", url.host == "revyl-auth" else { return false }
guard launchValue("REVYL_AUTH_BYPASS_ENABLED") == "true" else {
throw AuthBypassError.disabled
}
guard queryValue("token", in: url) == launchValue("REVYL_AUTH_BYPASS_TOKEN") else {
throw AuthBypassError.badToken
}
let role = queryValue("role", in: url) ?? "buyer"
let redirect = queryValue("redirect", in: url) ?? "/account"
guard allowedRoles.contains(role) else { throw AuthBypassError.badRole }
guard let route = allowedRedirects[redirect] else { throw AuthBypassError.badRedirect }
TestSession.signIn(role: role)
AppRouter.shared.navigate(to: route)
return true
}
Call the handler from SwiftUI or app delegate URL handling:
.onOpenURL { url in
do {
if try handleRevylAuthBypass(url) {
AuthBypassStatus.shared.accepted()
}
} catch {
AuthBypassStatus.shared.rejected(String(describing: error))
}
}
Replace TestSession, AppRouter, AppRoute, and AuthBypassStatus with the app's real session and UI surfaces.
Start a fresh Revyl session with launch vars attached:
export REVYL_AUTH_BYPASS_TOKEN="<test-only-token>"
revyl global launch-var update REVYL_AUTH_BYPASS_TOKEN --value "$REVYL_AUTH_BYPASS_TOKEN"
revyl dev --platform ios --no-build \
--launch-var REVYL_AUTH_BYPASS_ENABLED \
--launch-var REVYL_AUTH_BYPASS_TOKEN
Then verify valid and rejected links:
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fcheckout"
revyl device screenshot --out /tmp/revyl-auth-bypass-ios-valid.png
revyl device navigate --url "myapp://revyl-auth?token=wrong-token&role=buyer&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=admin&redirect=%2Fcheckout"
revyl device navigate --url "myapp://revyl-auth?token=$REVYL_AUTH_BYPASS_TOKEN&role=buyer&redirect=%2Fadmin"
revyl device screenshot --out /tmp/revyl-auth-bypass-ios-rejected.png
REVYL_AUTH_BYPASS_ENABLED=true.Create robust Revyl E2E tests using CLI commands from app source analysis or exploratory sessions.
Create and maintain Revyl tests through MCP tools using create/update operations and execution feedback loops.
MCP dev-first mobile loop for reliable screenshot-observe-action execution, grounded interactions, and conversion of successful exploratory paths into tests.
Analyze failed Revyl test, workflow, and device-session reports via CLI to classify real bugs, flaky tests, infra issues, setup failures, or test-design improvements.
Native Android leaf recipe for test-only auth bypass deep links using Revyl launch intent extras.
Expo and Expo Router leaf recipe for test-only auth bypass deep links using Revyl launch variables.