microsoft-authentication-library-for-dotnet icon indicating copy to clipboard operation
microsoft-authentication-library-for-dotnet copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

Support MacCatalyst

Open SameerK-MSFT opened this issue 2 years ago • 17 comments

Support MacCatalyst in the library

SameerK-MSFT avatar Jul 27 '22 16:07 SameerK-MSFT

Support MacCatalyst in the Library

SameerK-MSFT avatar Jul 27 '22 16:07 SameerK-MSFT

Please add BUG or Feature Request tags on work items. Also, please update the Effort number.

bgavrilMS avatar Jul 29 '22 11:07 bgavrilMS

MacCatalyst does not support existing file based keychain access. To switch to Data Protection based access, it may require coordination with other teams. Started the communication. Ref

SameerK-MSFT avatar Aug 05 '22 22:08 SameerK-MSFT

Ack, dropping this for now as it requires extensive work and collab with MSAL.ObjC team on KeyChain APIs and config.

bgavrilMS avatar Aug 08 '22 13:08 bgavrilMS

Please prioritise MacCatalyst support and MAUI support in general. MS is pushing MAUI but this does not seem to be fully aligned across MS.

SophisticatedConsulting avatar Aug 20 '22 17:08 SophisticatedConsulting

CC @oldalton

bgavrilMS avatar Aug 22 '22 10:08 bgavrilMS

If I remember the original issue was that a maui maccatalyst project ended up using ios MSAL target, which broke in the keychain code. Can the existing Xamarin Mac code not work for MacCatalyst target?

pmaytak avatar Sep 29 '22 20:09 pmaytak

Root cause for not supporting MacCatalyst - https://github.com/AzureAD/microsoft-authentication-library-for-objc/issues/649

Basically we're not sure how to store the token cache so that it doesn't break future scenarios. Blocked until this is figured out by MSAL-ObjC team.

bgavrilMS avatar Sep 30 '22 09:09 bgavrilMS

any news on this?

MSicc avatar Jan 09 '23 07:01 MSicc

We do not plan to support Mac Catalyst in the foreseeable future. Please upvote for this feature to understand interest.

bgavrilMS avatar Jan 09 '23 08:01 bgavrilMS

@EddieLukeAtmey - this repo is for MSAL.NET. I believe your query is about MSAL ObjC (which also does not support MacCatalyst)

bgavrilMS avatar Feb 09 '23 12:02 bgavrilMS

Sorry for bothering you. I've deleted the comment and moved it to the MSAL ObjC Repo.

EddieLukeAtmey avatar Feb 09 '23 15:02 EddieLukeAtmey

This issue is currently tied up with a small Microsoft bureaucracy that don't seem to be aware of broader Microsoft cross platform products and strategy let alone customer needs. The objective C linked issue:

  • Has been discussing this for 3 years: https://github.com/AzureAD/microsoft-authentication-library-for-objc/issues/649
  • Is said to be blocked on some feature related to mobile device management where the "iOS-style keychain" is said to be inadequate for Mac, despite the facts that MDM is a niche issue affecting a minority of users compared to the ability to log in to an app, and despite the fact that "iOS-style keychain" is adequate for authentication on iOS and if it's adequate for iOS it must be adequate for authentication on Mac.
  • A workaround is found by a user (remove && !TARGET_OS_MACCATALYST)) https://github.com/AzureAD/microsoft-authentication-library-for-objc/issues/649#issuecomment-784106303 but discouraged as "such a workaround is not encouraged, since not all of the scenarios would work without an official code-level support from our side".
  • Closed this as unplanned https://github.com/AzureAD/microsoft-authentication-library-for-objc/issues/649#issuecomment-1428866420

Overall the organization in charge of that repo has programmers involved but seems unable to make high level decisions. Most likely the org needs to be bypassed in some way or an appeal to some part of Microsoft that can make a decision needs to be made. It appears that the org is deliberately blocking support of mac catalyst (via the text && !TARGET_OS_MACCATALYST) as they believe that if the library cannot be used by developers who need special conditional access features for mac, it should not be used by anyone.

I think this repo should fork https://github.com/AzureAD/microsoft-authentication-library-for-objc , remove && !TARGET_OS_MACCATALYST as described in the workaround, and test. Very likely that will get MSAL working on maccatalyst in exactly the way it works on iOS.

charlesroddie avatar Jun 07 '23 06:06 charlesroddie

We bumped over this issue while migrating our existing app to Maui. It's a shame that, as @charlesroddie mentioned, Microsoft is pushing a cross-platform technology, but the ecosystem is not there to support the full utilization of cross-platform capabilities.

kyurkchyan avatar Jun 16 '23 17:06 kyurkchyan

While MSAL .NET doesn't support Mac Catalyst, app developers do have the option of using extensibility points to achieve this.

Serialize the cache to KeyChain

https://learn.microsoft.com/en-us/entra/msal/dotnet/how-to/token-cache-serialization?tabs=custom

Pop up a Web Browser

https://learn.microsoft.com/en-us/entra/identity-platform/scenario-desktop-acquire-token-interactive?tabs=dotnet#withcustomwebui

for iOS the MSAL's system browser code is here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/Platforms/iOS/SystemWebview/SystemWebUI.cs

bgavrilMS avatar Jan 18 '24 14:01 bgavrilMS

So is there any examples of how this will all work on a mac catalyst system? Thanks for the pointers but an example of how to do this with AZB2C would be nice

cconner100 avatar Feb 29 '24 06:02 cconner100