[Bug] MSAL.NET Authentication Error in WebView on iOS during AcquireTokenSilent with SharePoint Pages #5253

Open
kezack opened this issue Apr 24, 2025 · 4 comments
Labels: needs attention (Delete label after triage), public-client, untriaged (Do not delete. Needed for Automation)

Comments

kezack commented Apr 24, 2025

Library version used

4.71.0

.NET version

.NET 8

Scenario

PublicClient - mobile app

Is this a new or an existing app?

The app is in production, I haven't upgraded MSAL, but started seeing this issue

Issue description and reproduction steps

I'm encountering an issue with MSAL.NET and the WebView when using WithUseEmbeddedWebView set to true in a .NET 8 MAUI application on iOS. The initial authentication works fine with WithUseEmbeddedWebView. However, after that, when calling AcquireTokenSilent, I get an authentication error in the WebView when attempting to load SharePoint pages. This issue does not occur on Android.

Steps to Reproduce:

  1. Implement MSAL.NET authentication with WithUseEmbeddedWebView set to true.
  2. Perform the first authentication and acquire a token (this works fine).
  3. On subsequent app launches, call AcquireTokenSilent to silently acquire the token.
  4. Attempt to load SharePoint pages in the WebView after acquiring the token.
  5. Observe that on iOS, an authentication error occurs in the WebView during the AcquireTokenSilent call when loading the SharePoint pages.

Relevant code snippets

// Requires: using Microsoft.Identity.Client;
public async Task<AuthenticationResult> LoginAsync(CancellationToken cancellationToken)
{
    AuthenticationResult result;
    try
    {
        var accounts = await authenticationClient.GetAccountsAsync();
        if (accounts.Any())
        {
            // A cached account exists: request a token without showing any UI.
            result = await authenticationClient
                .AcquireTokenSilent(Constants.Scopes, accounts.FirstOrDefault())
                .ExecuteAsync(cancellationToken);
        }
        else
        {
            // No cached account: sign in interactively in the embedded web view.
            result = await authenticationClient
                .AcquireTokenInteractive(Constants.Scopes)
#if ANDROID
                .WithParentActivityOrWindow(Platform.CurrentActivity)
#endif
                .WithUseEmbeddedWebView(true)
                .ExecuteAsync(cancellationToken);
        }
        return result;
    }
    catch (MsalClientException ex)
    {
        // Client-side MSAL failure: log it and retry interactively.
        // An exception from the retry propagates to the caller.
        Console.WriteLine("LoginAsync : " + ex.Message);
        result = await authenticationClient
            .AcquireTokenInteractive(Constants.Scopes)
#if ANDROID
            .WithParentActivityOrWindow(Platform.CurrentActivity)
#endif
            .WithUseEmbeddedWebView(true)
            .ExecuteAsync(cancellationToken);
        return result;
    }
    catch (MsalUiRequiredException)
    {
        // The silent request needs user interaction: fall back to interactive sign-in.
        return await authenticationClient
            .AcquireTokenInteractive(Constants.Scopes)
#if ANDROID
            .WithParentActivityOrWindow(Platform.CurrentActivity)
#endif
            .WithUseEmbeddedWebView(true)
            .ExecuteAsync(cancellationToken);
    }
}

Expected behavior

The application should silently acquire the token during AcquireTokenSilent and load SharePoint pages in the WebView without triggering an authentication error on iOS, similar to the behavior on Android.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

kezack added the needs attention and untriaged labels on Apr 24, 2025

Supaibo commented Apr 25, 2025

+1

@nrubio-powellsoftware

+1

orty commented Apr 25, 2025

+1

@ottorinobruni

+1

5 participants