microsoft-authentication-library-for-dotnet: [Bug] usage of WithIosKeychainSecurityGroup

Logs and Network traces

No relevant errors found in logs.

Which Version of MSAL are you using ?

MSAL 2.6.2

Platform

xamarin iOS

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)
  • Web App
    • Authorization code
    • OBO
  • Daemon App
    • Service to Service calls

Mobile: Username/Password

Other? - please describe;

Is this a new or existing app?

The app is in production. Trying to add MSAL for login using Azure and Facebook.

Repro

    // Login
    AuthenticationClient = PublicClientApplicationBuilder.Create(Constants.ClientId)
        .WithIosKeychainSecurityGroup(Constants.IosKeychainSecurityGroups)
        //.WithIosKeychainSecurityGroup("*")
        .WithB2CAuthority(Constants.AuthoritySignin)
        .WithRedirectUri($"msal{Constants.ClientId}://auth")
        //.WithRedirectUri($"https://jwt.ms")
        .Build();

Expected behavior

Login using Azure AD or Facebook works as expected.

Actual behavior

Login only works in DEV when using .WithIosKeychainSecurityGroup("*"). This does not work when deployed to the app store. If changed to .WithIosKeychainSecurityGroup("com.microsoft.adalcache") or with my identifier, an error occurs:

The application does not have keychain access enabled in Entitlements.plist.

Possible Solution

.WithIosKeychainSecurityGroup("*").

Additional context / Logs / Screenshots

Add any other context about the problem here, such as logs and screenshots.

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 18 (4 by maintainers)

Most upvoted comments

I was able to get it to work over the weekend, deploy to the store, and it is working in TestFlight. I kept the wildcard * to pass into iosKeychainSecurityGroup and changed a couple of things:

1 - Added * as a keychain access group in Entitlements file
2 - Changed Bundle signing in project properties to Manual Provisioning instead of Auto

I think #2 may have fixed it as I tried debugging in Release Configuration and noticed Visual Studio was still using the DEV Provisioning Profile in Release Config.

Hope this helps anyone else with the issue and thanks for the responses!
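
A build-time check for the mismatch reported in this issue, added here as an example (not code from the issue or from MSAL): it parses an Entitlements.plist and confirms that the group passed to WithIosKeychainSecurityGroup is declared under keychain-access-groups. It assumes entries are written as $(AppIdentifierPrefix)<group> or as a 10-character team ID followed by a dot; the sample plist, the function names and com.example.myapp are constructed.

```python
import plistlib
import re

# Constructed sample Entitlements.plist (not taken from the issue).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)com.microsoft.adalcache</string>
    </array>
</dict>
</plist>
"""

# Assumption: an entry is "<prefix><group>", where the prefix is either the
# unexpanded build variable or an expanded 10-character team ID plus a dot.
PREFIX_RE = re.compile(r"^(?:\$\(AppIdentifierPrefix\)|[A-Z0-9]{10}\.)")


def declared_groups(entitlements_bytes):
    """Return the keychain access groups with their team prefix stripped."""
    plist = plistlib.loads(entitlements_bytes)
    entries = plist.get("keychain-access-groups", [])
    return [PREFIX_RE.sub("", e) for e in entries if isinstance(e, str)]


def check_group(entitlements_bytes, configured_group):
    """Compare the group given to WithIosKeychainSecurityGroup with the plist.

    Returns (ok, message).
    """
    groups = declared_groups(entitlements_bytes)
    if not groups:
        return False, "no keychain-access-groups entry in entitlements"
    if configured_group in groups:
        return True, f"'{configured_group}' is declared"
    return False, f"'{configured_group}' not declared; found: {', '.join(groups)}"


if __name__ == "__main__":
    # The second group is a constructed value that the sample does not declare.
    for group in ("com.microsoft.adalcache", "com.example.myapp"):
        print(group, "->", check_group(SAMPLE_ENTITLEMENTS, group))
```

Running the same check against the entitlements used for the Release configuration, not only the Debug one, shows whether the two builds declare different groups.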