The problem: When using silent authentication, the mobile webview’s cookies are not refreshed. This results in the need to restart the interactive login flow. The B2C SSO will expire in a short time, in our case 15 minutes. After the expiry, there is no way to silently authenticate the SSO for mobile web views.
The solution: Provide a mechanism so that mobile silent authentication will also refresh the webview cookies. This will allow for a seamless flow for the mobile user. Most banking apps will now allow for biometrics with Face ID or Fingerprint ID. The user expects a seamless flow of all SSO components. The silent authentication is built into the MSAL mobile SDK. We need this silent authentication to refresh the mobile web views in addition to the B2C token.
This flow does not work for mobile biometrics. A user signs in with Face ID, even after the token is expired. They expect proper flow and not to log in again. We spent 10 months working with Microsoft on this issue. The current B2C flow is not working with mobile biometrics.