microsoft-authentication-library-for-dotnet icon indicating copy to clipboard operation
microsoft-authentication-library-for-dotnet copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

Xamarin iOS: XF SDK doesn't allow to force use SFSafariViewController

Open devlanfear opened this issue 5 years ago • 3 comments

Which Version of MSAL are you using ? MSAL 4.22.0

Platform Xamarin iOS

What authentication flow has the issue?

  • Desktop / Mobile
    • [ +] Interactive

Is this a new or existing app? New app

Repro

Xamarin.Forms SDK doesn't allow to force use SFSafariViewController for iOS. https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/c77722d4803d663f6a89fb008192725e69c6525e/src/client/Microsoft.Identity.Client/Platforms/iOS/SystemWebview/SystemWebUI.cs

Expected behavior SDK allows to force use SFSafariViewController for iOS

Actual behavior SDK decides which authentication flow to use internally

Additional context/ Logs / Screenshots We would like to use SFSafariViewController for authentication flow to get SSO for Sharepoint site: so after user authenticated via MSAL and SFSafariViewController, we can open Sharepoint site in SFSafariViewController and user will be authenticated automatically

devlanfear avatar Nov 06 '20 16:11 devlanfear

@devlanfear : we have chosen the current approach as these are the preferred options across iOS versions. Some additional information is available here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers#system-web-browser-on-xamarinios-xamarinandroid

If I understand correctly, your scenario is that you have a set of pages (sharepoint) you show embedded in your app that is hosted on a web server which requires authentication, in order to re-use the cookies set you would like to be able to re-use the same browser?

As you likely know, our general recommendation is to use the System Browser though this will not work for your scenario for SSO.

We are not able to prioritize this work at the moment. One option which could be considered is for us to allow you to bring your own webview.

henrik-me avatar Nov 13 '20 19:11 henrik-me

@henrik-me Thank you for answer!

  1. Scenario: yes, you are right. That's why we want to use SFSafariViewController in MSAL authentication flow and then use it for user browsing.
  2. Do you plan to implement OpenBrowserAsync (part of SystemWebViewOptions) property on mobile? Now it is available only for Desktop platforms. This will probably allow us to use SFSafariViewController
  3. What are the reasons to force use ASWebAuthenticationSession for iOS >=12 ?

devlanfear avatar Nov 22 '20 16:11 devlanfear

Hi @devlanfear, to implement your own "browser", please use this extensibility mechanism: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-acquire-token?tabs=dotnet#use-withcustomwebui

I hope the comments on that interface are sufficient - essentially we give you an URL that you have to navigate to and expect you to give us the final URL which contains the authorization code.

bgavrilMS avatar Nov 23 '20 14:11 bgavrilMS