Does your app keep asking you to login after initial login when implementing iOS MSAL? Did you implement this in your Android without any issues? Did you look over all your code a million times and your configurations look correct but still cannot figure out why this is happening? Well, you are in luck because we go over why this happens and how to fix it!

SCENARIO

Using MSAL SDK for implementing mobile authentication in iOS app following this tutorial.

This sample uses the Microsoft Authentication library (MSAL) to implement Authentication. MSAL will automatically renew tokens, deliver single sign-on (SSO) between other apps on the device, and manage the Account(s). The key thing to note here is in order for SSO to work, tokens need to be shared between apps. This requires a token cache, or broker application, such as Microsoft Authenticator for iOS.

Expected Behavior:
User does not get prompted to login since user already logged in using MSAL

Actual Behavior:
Received login request

ISSUE

You may have your web browsers configured in a way that does not allow cookie sharing.

A web browser is required for interactive authentication. On iOS, the Microsoft Authentication Library (MSAL) uses the system web browser by default to do interactive authentication to sign in users. Using the system browser has the advantage of sharing the Single Sign ON (SSO) state with other applications and with web applications.

Since the system browser is the default, you may have opted to customize this configuration in the process by redirecting to one of the following:

For iOS only: For iOS and macOS:
ASWebAuthenticationSession
SFAuthenticationSession
SFSafariViewController
WKWebView

All of that is completely fine but you have to set this up in a way that enables cookie sharing.

RESOLUTION

You can use one of the following combinations in order to allow cookie sharing:

  • ASWebAuthenticationSession in MSAL + openURL in Safari browser (not SafariViewController, the full browser)
  • SFSafariViewController in MSAL + SFSafariViewController in your app
  • WKWebView in MSAL + WKWebView in your app

See here for additional details on customizing webviews and browsers.

NOTE

For Xamarin.iOS there are several considerations to take that are separate from the issue described in this blog post including enabling token caching and using Microsoft Authenticator. You can find more information on how to achieve this here.

Leave a Reply

avatar
  Subscribe  
Notify of