Does your app keep asking you to log in after the initial login when implementing MSAL on iOS? Did you implement the same thing in your Android app without any issues? Have you looked over all your code a million times, and your configuration looks correct, but you still cannot figure out why this is happening? Well, you are in luck, because we go over why this happens and how to fix it!
SCENARIO
Using the MSAL SDK to implement mobile authentication in an iOS app, following this tutorial.
This sample uses the Microsoft Authentication Library (MSAL) to implement authentication. MSAL will automatically renew tokens, deliver single sign-on (SSO) between other apps on the device, and manage the account(s). The key thing to note here is that, in order for SSO to work, tokens need to be shared between apps. This requires a token cache, or a broker application such as Microsoft Authenticator for iOS.
Expected Behavior:
The user is not prompted to log in, since the user has already logged in using MSAL.
Actual Behavior:
The user receives a login request.
ISSUE
You may have your web browsers configured in a way that does not allow cookie sharing.
A web browser is required for interactive authentication. On iOS, the Microsoft Authentication Library (MSAL) uses the system web browser by default to do interactive authentication to sign in users. Using the system browser has the advantage of sharing the single sign-on (SSO) state with other applications and with web applications.
Since the system browser is only the default, you may have opted to customize this configuration by switching to one of the following:

| For iOS only | For iOS and macOS |
| --- | --- |
| ASWebAuthenticationSession, SFAuthenticationSession, SFSafariViewController | WKWebView |

All of that is completely fine, but you have to set this up in a way that enables cookie sharing.
RESOLUTION
You can use one of the following combinations in order to allow cookie sharing:
- ASWebAuthenticationSession in MSAL + openURL in Safari browser (not SafariViewController, the full browser)
- SFSafariViewController in MSAL + SFSafariViewController in your app
- WKWebView in MSAL + WKWebView in your app
See here for additional details on customizing webviews and browsers.
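As an added example (not code from the original post or from the MSAL samples), here is one way to set up the third combination, WKWebView in MSAL plus WKWebView in your app, by handing MSAL the same `WKWebView` the app later uses for its own pages. The client ID, redirect URI, scopes, the `SignInViewController` class and the `signIn(thenLoad:)` method are placeholders assumed for illustration.

```swift
import MSAL
import UIKit
import WebKit

// Assumed placeholders: replace with the values from your own app registration.
let kClientID = "<your-client-id>"
let kRedirectUri = "msauth.<your.bundle.id>://auth"
let kScopes = ["User.Read"]

final class SignInViewController: UIViewController {
    // One WKWebView backed by the default (persistent) data store. MSAL signs the
    // user in inside it and the app then loads its own pages in it, so both sides
    // read and write the same cookies.
    private lazy var sharedWebView: WKWebView = {
        let config = WKWebViewConfiguration()
        config.websiteDataStore = .default()   // .nonPersistent() would isolate the cookies
        let webView = WKWebView(frame: view.bounds, configuration: config)
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        return webView
    }()

    private var application: MSALPublicClientApplication?

    override func viewDidLoad() {
        super.viewDidLoad()
        view.addSubview(sharedWebView)
        let config = MSALPublicClientApplicationConfig(clientId: kClientID,
                                                       redirectUri: kRedirectUri,
                                                       authority: nil)
        application = try? MSALPublicClientApplication(configuration: config)
    }

    // Interactive sign-in through the shared webview, then load `url` in that same webview.
    func signIn(thenLoad url: URL) {
        guard let application = application else { return }
        let webviewParameters = MSALWebviewParameters(authPresentationViewController: self)
        webviewParameters.webviewType = .wkWebView        // match the webview type the app uses
        webviewParameters.customWebview = sharedWebView   // held weakly by MSAL; keep it alive here

        let parameters = MSALInteractiveTokenParameters(scopes: kScopes,
                                                        webviewParameters: webviewParameters)
        application.acquireToken(with: parameters) { [weak self] result, error in
            guard result != nil, error == nil else {
                print("Sign-in failed: \(String(describing: error))")
                return
            }
            DispatchQueue.main.async { self?.sharedWebView.load(URLRequest(url: url)) }
        }
    }
}
```

Cookies held by a `WKWebView` stay inside the app's own sandbox, so this pairing shares the session between MSAL and your app's webview only, not with Safari or other apps on the device.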
NOTE
For Xamarin.iOS, there are several considerations to take into account that are separate from the issue described in this blog post, including enabling token caching and using Microsoft Authenticator. You can find more information on how to achieve this here.
Hi David, I have a situation here on a Xamarin Forms mobile app, where I am using an MSAL lib to let users sign in with the default browser, following the same exact code on this link: https://github.com/Azure-Samples/active-directory-xamarin-native-v2/tree/master/1-Basic. Now I am trying to display a SharePoint Online website in the web view inside the mobile app itself. As the user has already signed in, I don't want the user to see the Microsoft login page at all, but to be taken directly to the SharePoint home page. Is this possible? If possible, is there a way you can guide me to do that? Thanks for the help.