-
Notifications
You must be signed in to change notification settings - Fork 142
Cloud instance discovery (instance aware flow)
Some apps might need to work with multiple cloud instances at the same time depending on the account. In that case, instance aware flow might be useful.
Instance aware flow allows to perform sovereign cloud discovery in MSAL. This feature is supported end to end only for Microsoft internal services.
If developer wants to support discovery of accounts from sovereign cloud, e.g. German cloud Blackforest, Chinese cloud Mooncake, etc., two things need to be done:
-
The following parameter must be passed as extra query parameter for the interactive acquire token call:
instance_aware : true
Note: Undefined behavior might happen if user tries to log in an account from sovereign cloud using a worldwide authority.
NSDictionary *extraQueryParameters = @{@"instance_aware":@"true"};
[application acquireTokenForScopes:kScopes
loginHint:nil
uiBehavior:MSALUIBehaviorDefault
extraQueryParameters:extraQueryParameters
completionBlock:^(MSALResult *result, NSError *error) {
// Handle result
}];
Note: you might need to pass a different set of scopes for each sovereign cloud. The specific set of scopes depends on the resource that you're using. For example, you could use "https://graph.microsoft.com/user.read" in worldwide cloud, and "https://graph.microsoft.de/user.read" in German cloud.
- There will be an
authorityproperty in theMSALResultreturned in the above call. It may be different from the authority provided by developer.
Developer should use such an authority for subsequent silent acquire token call. Otherwise, cached result might be not found in subsequent calls.
- Customizing Browsers and WebViews
- Logging
- Sovereign clouds
- B2C
- Auth Telemetry (coming soon)
- MSAL questions, bugs and issues (coming soon)
- Redirect URIs
- Requesting individual claims
- Keychain cache
- SSL issues
- iOS 13 and macOS 10.15 support
- Releases
- Roadmap (coming soon)