Brokered Auth on iOS 13

If your app requires conditional access or certificate authentication support, you must set up your app to be able to talk to the Azure Authenticator app.

MSAL is then responsible for handling requests and responses between your application and the Azure Authenticator app.

However, on iOS 13, Apple made a breaking API change, and removed the application's ability to read source application when receiving a response from an external application through custom URL schemes. See the notes from Apple here.

If the request originated from another app belonging to your team, UIKit sets the value of this key to the ID of that app. If the team identifier of the originating app is different than the team identifier of the current app, the value of the key is nil.

This is a breaking change for MSAL, because it relied on UIApplication.SharedApplication.OpenUrl to verify communication between MSAL and the Azure Authenticator app.

Additionally, on iOS 13 the developer is required to provide a presentation controller when using ASWebAuthenticationSession.

In order to mitigate these changes, we released MSAL.NET 4.4.0 with iOS 13 support:

MSAL 4.4.0

Your app IS impacted if:

Your app is leveraging iOS broker, AND you're building with Xcode 11, OR
You're using ASWebAuthenticationSession, AND you're building with Xcode 11.

In those cases you need to use latest MSAL releases to be able to complete authentication successfully.

Your app is NOT impacted if:

Your app is not using iOS broker, OR
Your app is being built with Xcode 11, OR
Your app is distributed by Microsoft (signed by Microsoft developer distribution profile), OR
You're not using ASWebAuthenticationSession.

Additional considerations:

When using latest MSAL SDKs, you need to ensure that you have the latest Authenticator app installed. Authenticator app with a version 6.3.19 or later is supported.
When updating to MSAL.NET 4.4.0, make sure you update your LSApplicationQueriesSchemes in the Info.plist. The additional value should be msauthv3. See below:

<key>LSApplicationQueriesSchemes</key>
<array>
     <string>msauthv2</string>
     <string>msauthv3</string>
</array>

This is necessary to detect the presence of the latest Authenticator app on device that supports iOS 13.

Please open a Github issue if you have additional questions or seeing any issues.

Getting started with MSAL.NET

Brokered Auth on iOS 13

Your app IS impacted if:

Your app is NOT impacted if:

Additional considerations:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!