You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/entra/entra-id/app-integration/repeat-login-prompts-in-msal-ios-app.md
+3-5Lines changed: 3 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ This issue is typically caused by web browser configurations that do not allow c
21
21
22
22
The tutorial uses the MSAL to implement authentication. MSAL SDK facilitates authentication by automatically renewing tokens. It also enables single sign-on (SSO) between other apps on the device and manages user accounts.
23
23
24
-
For SSO to function correctly, tokens must be shared between apps. This requires a token cache or a broker application, such as Microsoft Authenticator for iOS. Interactive authentication in MSAL requires a web browser. On iOS, MSAL uses the system web browser by default for interactive authentication. This default setup supports SSO state sharing between apps.
24
+
For SSO to function correctly, tokens must be shared between apps. To meet this requirement, you must use a token cache or a broker application, such as Microsoft Authenticator for iOS. Interactive authentication in MSAL requires a web browser. On iOS, MSAL uses the Safari system web browser by default for interactive authentication. This default setup supports SSO state sharing between apps.
25
25
26
26
However, if you customize the browser configuration for authentication, such as by using one of the following options, cookie sharing might not be enabled by default.
27
27
@@ -34,20 +34,18 @@ However, if you customize the browser configuration for authentication, such as
34
34
35
35
To prevent repeated login prompts, you must allow cookie sharing when you customize the browser. To enable SSO and cookie sharing between MSAL and your iOS app, use one of the following solutions:
36
36
37
-
- Use `ASWebAuthenticationSession` and the iOS system Safari web browser (`UIApplication.shared.open`)
37
+
- Use `ASWebAuthenticationSession` and Safari (`UIApplication.shared.open`)
38
38
39
39
- Use Case: Your app uses MSAL together with the default `ASWebAuthenticationSession` instance, and you open external links or logout flows in Safari.
40
40
41
41
-**Note:**`ASWebAuthenticationSession` is the recommended method for MSAL interactive authentication on iOS 12+. It's the only supported method on iOS 13+. This method is privacy-preserving and shares cookies with Safari. SSO works between MSAL and Safari because they share cookies through the system authentication session.
42
42
- Use `WKWebView`
43
43
- Use Case: You explicitly configure MSAL to use `WKWebView`, and your app also uses `WKWebView` for related workflows.
44
44
45
-
-**Note:**If you use `WKWebView` for a consistent experience within your app, notice that it's sandboxed and does not share session cookies with Safari or other apps. This supports SSO only within your app.
45
+
-**Note:**You can use `WKWebView` for a consistent experience within your app. However, because it's sandboxed, `WKWebView` doesn't share session cookies with Safari or other apps. This condition limits support for SSO to within your app only.
46
46
47
47
For more information, see [Customizing webviews and browsers](/azure/active-directory/develop/customize-webviews).
0 commit comments