-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot acquireToken() with ios webview #3329
Comments
Is ITP enabled for iOS web view? I suspect it is safari which may be dropping cookies when an iframe is generated for |
Correct, this is likely caused by ITP, which is enabled in Safari Webviews by default now. For Teams app SSO, it is recommended to use the on-behalf-of flow and/or interaction to achieve SSO if silent SSO does not work. Note, interaction in Teams apps must be done using the Teams JS SDK. This sample demonstrates both the OBO flow and performing interaction with MSAL.js and the Teams SDK: https://github.com/pnp/teams-dev-samples/tree/master/samples/tab-sso/src/nodejs |
@jasonnutter Thanks for your response. Our workflow, looks like this:
So, my questions:
Thanks for your help |
How are you doing this part?
If you are using the MSAL React library, then yes, you do. But using MSAL React is optional. |
public async getAccount(userPrincipalName: string, scopes: string[]): Promise <AccountInfo> {
let msalClient = this.MSALClient();
if(!msalClient) {
return null;
}
let account = msalClient.getAccountByUsername(userPrincipalName);
if(account == null) {
try {
let SSORequest = {
scopes: scopes,
loginHint: userPrincipalName
};
const ssoResponse = await msalClient.ssoSilent(SSORequest);
account = ssoResponse.account;
} catch (error) {
console.warn("Cannot login '" + userPrincipalName + "' using SSO!");
console.warn(error);
}
}
return account;
} All other browsers and devices return an AccountInfo object from the cache after successful login by calling
Ok, we are not using MSAL React library currently. Thanks for your help |
@jasonnutter |
Library
msal@1.x.x
or@azure/msal@1.x.x
@azure/msal-browser@2.x.x
@azure/msal-node@1.x.x
@azure/msal-react@1.x.x
@azure/msal-angular@0.x.x
@azure/msal-angular@1.x.x
@azure/msal-angular@2.x.x
@azure/msal-angularjs@1.x.x
Framework
Description
We are developing an Teams App and using msal-browser to authenticate our users. Everythings works fine on desktop, web and andoid, but with ios we are not able to get a token for the signed in user. SessionStorage doesn't contain any user information after signin.
Error Message
MSAL Configuration
Reproduction steps
Expected behavior
The same behavior like desktop, teams app or android: getting a token and store it to sessionStorage or anywhere else
Identity Provider
Browsers/Environment
Regression
Version: iOS 13.3.x
Security
Source
The text was updated successfully, but these errors were encountered: