microsoft-authentication-library-for-dotnet: [Bug] usage of WithIosKeychainSecurityGroup
Logs and Network traces No relevant errors found in logs.
Which Version of MSAL are you using ?
MSAL 2.6.2
Platform
xamarin iOS
What authentication flow has the issue?
- Desktop / Mobile
- Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)
- Web App
- Authorization code
- OBO
- Daemon App
- Service to Service calls
Mobile: Username/Password
Other? - please describe;
Is this a new or existing app?
The app is in production. Trying to add MSAL for login using Azure and Facebook.
Repro
//Login
AuthenticationClient = PublicClientApplicationBuilder.Create(Constants.ClientId)
.WithIosKeychainSecurityGroup(Constants.IosKeychainSecurityGroups)
//.WithIosKeychainSecurityGroup("*")
.WithB2CAuthority(Constants.AuthoritySignin)
.WithRedirectUri($"msal{Constants.ClientId}://auth")
//.WithRedirectUri($"https://jwt.ms")
.Build();
Expected behavior Login using Azure AD or Facebook works as expected.
Actual behavior Login only works in DEV when using .WithIosKeychainSecurityGroup(“*”). This does not work when deployed to the app store. If changed to .WithIosKeychainSecurityGroup(“com.microsoft.adalcache”) or with my identifier, error occurs:
The application does not have keychain access enabled in Entitlements =.plist.
Possible Solution
.WithIosKeychainSecurityGroup(“*”).
Additional context/ Logs / Screenshots Add any other context about the problem here, such as logs and screebshots.
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 18 (4 by maintainers)
I was able to get it to work over the weekend and deploy to the store and working in testflight. I kept the wildcard * to pass into iosKeychainSecurityGroup and changed a couple of things:
1 - Added * as a keychain access group in Entitlements file 2 - Changed Bundle signing in project properties to Manual Provisioning instead of Auto
I think #2 may have fixed it as I tried debugging in Release Configuration and noticed VS studio was still using the DEV Provisioning Profile in Release Config.
Hope this helps anyone else with the issue and thanks for the responses!