In an iOS app I am working on I have setup Associated Domains (Universal Links). The app hosts multiple domains. Some domains I have set up with a wildcard. These domains do not seem to work. For example, I want to link to https://news.mydomain.com/. If I add the following to the list of associated domains:

applinks:*.mydomain.com -> Does not work

applinks:news.mydomain.com -> works fine

So I believe I did set up all correct, the apple-app-site-association file is setup fine. I can even see in both cases (using Charles Proxy) the apple-app-site-association file got retrieved ok.

In the case of the wildcard, the link only opens in Safari.

When I configure the domain without a wildcard, the App opens.

Am I missing something here? I am running iOS 9.3.2 on the device and I am running Xcode 7.3.1 which are today the latest versions.

I added my findings to this thread: https://forums.developer.apple.com/thread/47315

In short, even in iOS 10, it appears that the wildcard setup requires that the apple-app-site-association file be served by the wildcard's root.

For instance, if you want to use *.domain.com, then the apple-app-site-association needs to be hosted at both, e.g., app1.domain.com and domain.com, else it won't work with simply specifying applinks:*.domain.com in Xcode.

This is unfortunate if your main site is hosted at www.domain.com, and that you have a 301 redirect on domain.com (which redirects you to www.domain.com), because Universal Links do not allow redirects.

The workaround I found was to create a main subdomain for your app, and to use sub-subdomains for the wildcard. E.g.

• app.domain.com (must serve the apple-app-site-association file)
• server1.app.domain.com (must serve the apple-app-site-association)
• server2.app.domain.com (...)

That way, in Xcode, you may only specify applinks:*.app.domain.com and Universal Links will work without you having to specify server1.app.domain.com, server2.app.domain.com, and so on... in Xcode.

Note, however, that you must also explicitly specify applinks:app.domain.com if you plan on using that server as well with your app.

I hope this helps.

It seems that adding a wildcard in the domain part of the applinks has only been introduced in iOS 9.3 Beta 2. In 9.3 Beta 2 release notes:

You can now use Universal Links with arbitrary subdomains instead of needing to list all of the app’s subdomains as fully qualified domain names. Entries have the form:

:[:port number] in which is “webcredentials”, “activitycontinuation”, or “applinks”.

The part of the entry can now optionally be prefixed with “*.” to indicate a wildcard subdomain. For example:

applinks:*.example.com

You say that you run on iOS 9.3.2. But is your deployment target >= iOS 9.3 ? If it's not: try by changing it. I think it will solve your issue.

Here you can found a copy of this release notes (sorry, I do not have any other public source)

Edit:

Even if the Apple Doc say that you can use wildcards on domains, they seems to have an issue on this:

To match all subdomains of an associated domain, you can specify a wildcard by prefixing . before the beginning of a specific domain (the period is required). Domain matching is based on the longest substring in the applinks entries. For example, if you specify the entries applinks:.mywebsite.com and applinks:*.users.mywebsite.com, matching for the domain emily.users.mywebsite.com is performed against the longer *.users.mywebsite.com entry. Note that an entry for *.mywebsite.com does not match mywebsite.com because of the period after the asterisk. To enable matching for both *.mywebsite.com and mywebsite.com, you need to provide a separate applinks entry for each.

I think it is apple bug in documentation. I got same error on 9.3.1. And 9.3.2 works fine. Very interesting link, about signing problems, see Laurence Fan's comment

Apple should say that *.domain.com works for >= 9.3.2 in this link Support Universal Links

I tried this in Sept 2016, with both iOS 9.3.5 and iOS 10 beta. Situation appears unchanged: universal links are still not working if applinks contains only wildcard domains, even though the documentation suggests that this should work.

Apple have change in AASA file to support Dynamic link please change and add also in Assciate domain : webcredentials:dev.rlogical.com

{
  "applinks": {
      "details": [
           {
             "appIDs": [ "ABCDE12345.com.example.app", "ABCDE12345.com.example.app2" ],
             "components": [
               {
                  "#": "no_universal_links",
                  "exclude": true,
                  "comment": "Matches any URL whose fragment equals no_universal_links and instructs the system not to open it as a universal link"
               },
               {
                  "/": "/buy/*",
                  "comment": "Matches any URL whose path starts with /buy/"
               },
               {
                  "/": "/help/website/*",
                  "exclude": true,
                  "comment": "Matches any URL whose path starts with /help/website/ and instructs the system not to open it as a universal link"
               },
               {
                  "/": "/help/*",
                  "?": { "articleNumber": "????" },
                  "comment": "Matches any URL whose path starts with /help/ and which has a query item with name 'articleNumber' and a value of exactly 4 characters"
               }
             ]
           }
       ]
   },
   "webcredentials": {
      "apps": [ "ABCDE12345.com.example.app" ]
   },
    "appclips": {
        "apps": ["ABCED12345.com.example.MyApp.Clip"]
    }
}

Ideally, of course, all of the links on your website are allowed to be opened in the app, regardless of subdomains or www redirects, and then you use the content of apple-app-site-association to limit which ones actually will open in the app.

Let's assume you want everything on your domain (e.g. coursicle.com) to be eligible to be opened as a deep link. Then you'll want to configure your entitlements in Xcode as applinks:*.coursicle.com. No problem because you own coursicle.com, right? But it's very likely that you're redirecting coursicle.com to www.coursicle.com and Apple's going to check coursicle.com/.well-known/apple-app-site-association and/or coursicle.com/apple-app-site-association, which is going to redirect to the www equivalent. Because of Apple's "no redirects" stipulation, your deep links will fail.

@33-B01's answer points this out and offers a workaround. We were considering this solution, by making it so that on iPhones any link on our site that we wanted deep linked would have a subdomain link added to it. Moreover, our entitlements would contain applinks:link.coursicle.com and link.coursicle.com/apple-app-site-association would return our JSON without any redirects. This meant for desktop users we'd display www.coursicle.com/unc/?search=math but for iPhone user agents we'd show link.coursicle.com/unc/?search=math. If an iPhone user tapped on a link.coursicle.com/unc/?search=math link and they had the app, it'd open directly in the app. If they didn't, we'd have a redirect rule that takes all link.coursicle.com links and redirects them to www.coursicle.com, allowing our application code to handle this user now that we know they don't have the app.

This solution actually killed two birds with one stone. If the user is on a coursicle.com link in Safari, in order to get a deep link to actually open in the app we need to provide a different subdomain per Apple's requirements, otherwise it's assumed that the user wants to stay in Safari (I this this is pretty silly and I do not understand the reasoning). So because all of the desired deep links were link.coursicle.com and because we could easily host our JSON at link.coursicle.com/apple-app-site-association without any redirects, it works.

There's just one problem: you don't have control over how others link to your site. What happens if someone on desktop sends the link www.coursicle.com/unc/?search=math to someone on an iPhone who has the app installed? Well applinks:coursicle.com isn't in our entitlements so the link would open in Safari.

To get the ideal solution, despite having a www redirect, all you have to do is prevent the www redirection for the specific files you know Apple is going to request. In Apache, it can be done via the following:

# force www. because the local storage/cookies does discriminate
# unless it's the apple-app-site-association which won't tolerate a redirect so we 
# have to have it load the appropriate file directly
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{REQUEST_URI} !^/apple-app-site-association$ [NC]
RewriteCond %{REQUEST_URI} !^/.well-known/apple-app-site-association$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}$1 [R=301,L]

This might cause some of your subsequent rules to behave a little funny because you expect a www redirect, so you can always add the following to make it so that if the URL does exactly match apple-app-site-association, you have Apache serve it directly from the file system:

# Manually specify where to find the apple-app-site-association, may not be necessary depending on your configuration
Alias "/apple-app-site-association" "/var/www/coursicle.com/shared/link/nativeDeepLink/apple-app-site-association.php"
Alias "/.well-known/apple-app-site-association" "/var/www/coursicle.com/shared/link/nativeDeepLink/apple-app-site-association.php"