-
Notifications
You must be signed in to change notification settings - Fork 143
iOS 13 and macOS 10.15 support in MSAL
If your app requires conditional access or certificate authentication support, you must set up your MSAL to be able to talk to the Azure Authenticator app.
MSAL is then responsible for handling requests and responses between your application and the Azure Authenticator app.
However, on iOS 13, Apple made a breaking API change, and removed application's ability to read source application when receiving a response from an external application through custom URL schemes. See notes from Apple here.
If the request originated from another app belonging to your team, UIKit sets the value of this key to the ID of that app. If the team identifier of the originating app is different than the team identifier of the current app, the value of the key is nil.
This is a breaking change for MSAL, because it relied on the UIApplicationOpenURLOptionsSourceApplicationKey to verify communication between MSAL and the Azure Authenticator app.
Additionally, on iOS 13 developer is required to provide a presentation controller when using ASWebAuthenticationSession.
In order to mitigate these changes, we released a new MSAL version with iOS 13 support:
- Your app is leveraging iOS broker, AND you're building with Xcode 11, OR
- You're using ASWebAuthenticationSession, AND you're building with Xcode 11.
In those cases you need to use latest MSAL releases to be able to complete authentication successfully.
- Your app is not using iOS broker, OR
- Your app is being built with Xcode 11, OR
- Your app is distributed by Microsoft (signed by Microsoft developer distribution profile), OR
- You're not using ASWebAuthenticationSession.
-
When using latest MSAL SDKs, you need to ensure that you have the latest Authenticator app installed. Authenticator app with a version 6.3.19 or later is supported.
-
When updating to this release, make sure you update your LSApplicationQueriesSchemes in the Info.plist. New value should be:
<key>LSApplicationQueriesSchemes</key>
<array>
<string>msauthv2</string>
<string>msauthv3</string>
</array>
This is necessary to detect the presence of the latest Authenticator app on device that supports iOS 13.
Please open a Github issue if you have additional questions or seeing any issues.
- Customizing Browsers and WebViews
- Logging
- Sovereign clouds
- B2C
- Auth Telemetry (coming soon)
- MSAL questions, bugs and issues (coming soon)
- Redirect URIs
- Requesting individual claims
- Keychain cache
- SSL issues
- iOS 13 and macOS 10.15 support
- Releases
- Roadmap (coming soon)