Brokered Auth on iOS 13
If your app requires conditional access or certificate authentication support, you must set up your app to be able to talk to the Azure Authenticator app.
ADAL is then responsible for handling requests and responses between your application and the Azure Authenticator app.
However, on iOS 13, Apple made a breaking API change and removed the application's ability to read the source application when receiving a response from an external application through custom URL schemes. See the notes from Apple here.
If the request originated from another app belonging to your team, UIKit sets the value of this key to the ID of that app. If the team identifier of the originating app is different than the team identifier of the current app, the value of the key is nil.
This is a breaking change for ADAL, because it relied on UIApplication.SharedApplication.OpenUrl to verify communication between ADAL and the Azure Authenticator app.
Additionally, on iOS 13 the developer is required to provide a presentation controller when using ASWebAuthenticationSession.
In order to mitigate these changes, we released ADAL.NET 5.2.2 with iOS 13 support:
- Your app is leveraging iOS broker, AND you're building with Xcode 11, OR
- You're using ASWebAuthenticationSession, AND you're building with Xcode 11.
In those cases you need to use the latest ADAL releases to be able to complete authentication successfully.
- Your app is not using iOS broker, OR
- Your app is being built with Xcode 11, OR
- Your app is distributed by Microsoft (signed by Microsoft developer distribution profile), OR
- You're not using ASWebAuthenticationSession.
- When using the latest ADAL SDKs, you need to ensure that you have the latest Authenticator app installed. Authenticator app version 6.3.19 or later is supported.
- When updating to ADAL.NET 5.2.2, make sure you update your `LSApplicationQueriesSchemes` in the `Info.plist`. The additional value should be `msauthv3`. See below:

```xml
<key>LSApplicationQueriesSchemes</key>
<array>
    <string>msauthv2</string>
    <string>msauthv3</string>
</array>
```
This is necessary to detect the presence of the latest Authenticator app on a device that supports iOS 13.
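A build-time check for the setting above, as an added example that is not part of the ADAL.NET project: it parses an Info.plist and reports which of the two schemes are missing from LSApplicationQueriesSchemes. The function name, the bundle identifier and the sample plists are constructed for illustration.

```python
import plistlib
import sys

# Schemes the page lists under LSApplicationQueriesSchemes; msauthv3 is the
# value added for ADAL.NET 5.2.2 / iOS 13.
REQUIRED_SCHEMES = ("msauthv2", "msauthv3")


def missing_broker_schemes(plist_bytes: bytes) -> list:
    """Return the required schemes absent from LSApplicationQueriesSchemes."""
    try:
        info = plistlib.loads(plist_bytes)  # handles XML and binary plists
    except Exception as exc:  # plistlib/expat raise several error types
        raise ValueError(f"Info.plist could not be parsed: {exc}") from exc
    if not isinstance(info, dict):
        raise ValueError("Info.plist root must be a dictionary")
    declared = info.get("LSApplicationQueriesSchemes", [])
    if not isinstance(declared, list):
        raise ValueError("LSApplicationQueriesSchemes must be an array")
    present = {s for s in declared if isinstance(s, str)}
    return [s for s in REQUIRED_SCHEMES if s not in present]


# Constructed sample inputs (hypothetical bundle id), not taken from a real app.
OLD_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.app",
    "LSApplicationQueriesSchemes": ["msauthv2"],
})
UPDATED_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.app",
    "LSApplicationQueriesSchemes": ["msauthv2", "msauthv3"],
})

if __name__ == "__main__":
    # Usage: python check_plist.py path/to/Info.plist  (falls back to samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            missing = missing_broker_schemes(fh.read())
        if missing:
            sys.exit("Missing query schemes: " + ", ".join(missing))
        print("All broker query schemes are declared.")
    else:
        print("old:", missing_broker_schemes(OLD_PLIST))
        print("updated:", missing_broker_schemes(UPDATED_PLIST))
```

Run against the app's Info.plist in CI, the script exits non-zero when a scheme is missing, so a build that cannot detect the Authenticator app fails before it ships.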
Please open a GitHub issue if you have additional questions or are seeing any issues.
You might also consider making the move to MSAL.NET.