
ADAL iOS 13 support

Olga Dalton edited this page Jan 28, 2020 · 4 revisions

If your app requires conditional access or certificate authentication support, you must set up your AuthenticationContext and redirectURI to be able to talk to the Azure Authenticator app (see more info about brokered authentication).

ADAL is then responsible for handling requests and responses between your application and the Azure Authenticator app.

However, on iOS 13, Apple made a breaking API change and removed an application's ability to read the source application when receiving a response from an external application through custom URL schemes. See notes from Apple here.

If the request originated from another app belonging to your team, UIKit sets the value of this key to the ID of that app. If the team identifier of the originating app is different than the team identifier of the current app, the value of the key is nil.

This is a breaking change for ADAL, because it relied on the UIApplicationOpenURLOptionsSourceApplicationKey to verify communication between ADAL and the Azure Authenticator app.

In order to mitigate this, we released two new ADAL versions:

Your app is immediately impacted if:

  1. Your app is leveraging iOS broker, AND you're building with Xcode 11. In that case you need to use the latest ADAL releases to be able to complete authentication successfully, OR
  2. Your app uses multi-window features.

Your app is NOT immediately impacted (meaning you can keep using an older ADAL version on iOS 13) if:

  1. Your app is not using iOS broker, OR
  2. Your app is not being built with Xcode 11, OR
  3. Your app is distributed by Microsoft (signed by Microsoft developer distribution profile).

Additional considerations:

  1. When using the latest ADAL SDKs, you need to ensure that you have the latest Authenticator app installed. Authenticator app version 6.3.19 or later is supported.

  2. When updating to this release, make sure you update your LSApplicationQueriesSchemes in the Info.plist of your application. New value should be:

<key>LSApplicationQueriesSchemes</key>
<array>
     <string>msauth</string>
     <string>msauthv3</string>
</array>

This is necessary to detect the presence of the latest Authenticator app on a device that supports iOS 13.

  3. If you adopted UISceneDelegate, you must also add an ADAL callback into the scene:openURLContexts: method.

This is needed so that ADAL can get a response from the Microsoft Authenticator application.

For example:

 - (void)scene:(UIScene *)scene openURLContexts:(NSSet<UIOpenURLContext *> *)URLContexts
 {
     UIOpenURLContext *context = URLContexts.anyObject;
     NSURL *url = context.URL;
     NSString *sourceApplication = context.options.sourceApplication;
     
     [ADAuthenticationContext handleADALResponse:url sourceApplication:sourceApplication];
 }

If you're not using UISceneDelegate functionality yet, you can ignore this step.

  4. If you support multi-window scenarios, you need to provide a parent controller to all ADAL interactive requests. It can be set when configuring your ADAuthenticationContext: https://github.com/AzureAD/azure-activedirectory-library-for-objc/blob/master/ADAL/src/public/ADAuthenticationContext.h#L276. This is necessary to determine the correct window for the authentication dialog when working in multi-window applications.
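
The LSApplicationQueriesSchemes requirement above can be checked at build time, so that a stale Info.plist is caught before release. The following Python script is an added example, not part of ADAL or of the original page; the function names and the two sample plists are constructed for illustration.

```python
import plistlib
import sys

# Schemes this page says must be declared to detect the Authenticator app.
REQUIRED_SCHEMES = ("msauth", "msauthv3")


def missing_broker_schemes(plist_bytes):
    """Return the required schemes absent from LSApplicationQueriesSchemes.

    Accepts XML or binary plist data. Raises ValueError when the data is not
    a plist dictionary or the key holds something other than an array.
    """
    try:
        info = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed XML or unrecognised plist format
        raise ValueError(f"not a valid plist: {exc}") from exc
    if not isinstance(info, dict):
        raise ValueError("top-level plist object is not a dictionary")
    schemes = info.get("LSApplicationQueriesSchemes", [])
    if not isinstance(schemes, list):
        raise ValueError("LSApplicationQueriesSchemes must be an array")
    declared = {s for s in schemes if isinstance(s, str)}
    return [s for s in REQUIRED_SCHEMES if s not in declared]


def check_info_plist(path):
    """Run the check against an Info.plist file on disk."""
    with open(path, "rb") as fh:
        return missing_broker_schemes(fh.read())


# Constructed samples: a plist from before the update, and an updated one
# stored in binary form (as found inside a built .app bundle).
LEGACY_PLIST = plistlib.dumps({"LSApplicationQueriesSchemes": ["msauth"]})
UPDATED_PLIST = plistlib.dumps(
    {"LSApplicationQueriesSchemes": ["msauth", "msauthv3"]},
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        missing = check_info_plist(sys.argv[1])
    else:
        missing = missing_broker_schemes(LEGACY_PLIST)
    if missing:
        print("LSApplicationQueriesSchemes is missing:", ", ".join(missing))
        sys.exit(1)
    print("LSApplicationQueriesSchemes OK")
```

Run it with the path to your Info.plist as the only argument; a non-zero exit status means at least one required scheme is missing.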

Please open a GitHub issue if you have additional questions or are seeing any issues.