---
title: "authenticate(using:callback:preferredBrowserSession:additionalHeaderFields:)"
framework: authenticationservices
role: symbol
role_heading: Instance Method
path: "authenticationservices/webauthenticationsession/authenticate(using:callback:preferredbrowsersession:additionalheaderfields:)"
---

# authenticate(using:callback:preferredBrowserSession:additionalHeaderFields:)

Begins a web authentication session.

## Declaration

```swift
@MainActor func authenticate(using url: URL, callback: ASWebAuthenticationSession.Callback, preferredBrowserSession: WebAuthenticationSession.BrowserSession? = nil, additionalHeaderFields: [String : String]) async throws -> URL
```

## Parameters

- `url`: A URL beginning with HTTP or HTTPS that points to the authentication webpage.
- `callback`: An object that describes when the session calls its completion handler.
- `preferredBrowserSession`: The preferred data-sharing behavior of the browser session. For more information, see doc://com.apple.authenticationservices/documentation/AuthenticationServices/WebAuthenticationSession/BrowserSession.
- `additionalHeaderFields`: A dictionary containing additional header fields to send when loading the initial URL.

## Discussion

Discussion This initializer throws an error if additionalHeaderFields includes a “forbidden request-header” as defined by the WHATWG.

## See Also

### Authenticating a session

- [WebAuthenticationSession.BrowserSession](authenticationservices/webauthenticationsession/browsersession.md)
- [ASWebAuthenticationSession.Callback](authenticationservices/aswebauthenticationsession/callback.md)