Swiftpack.co - Package - AzureAD/microsoft-authentication-library-for-objc
Swiftpack.co is a collection of thousands of indexed Swift packages. Search packages.

Microsoft Authentication Library for iOS and macOS

Get Started iOS Sample Code macOS Sample Code Library reference Support

The MSAL library for iOS and macOS gives your app the ability to begin using the Microsoft Identity platform by supporting Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Azure AD B2C for those using our hosted identity management service.

Build Status

Quick sample

Swift

let config = MSALPublicClientApplicationConfig(clientId: "<your-client-id-here>")
let scopes = ["your-scope1-here", "your-scope2-here"]
        
if let application = try? MSALPublicClientApplication(configuration: config) {
            
	#if os(iOS)
	let viewController = ... // Pass a reference to the view controller that should be used when getting a token interactively
	let webviewParameters = MSALWebviewParameters(authPresentationViewController: viewController)
	#else
	let webviewParameters = MSALWebviewParameters()
	#endif
	
	let interactiveParameters = MSALInteractiveTokenParameters(scopes: scopes, webviewParameters: webviewParameters)
	application.acquireToken(with: interactiveParameters, completionBlock: { (result, error) in
                
	guard let authResult = result, error == nil else {
		print(error!.localizedDescription)
		return
	}
                
	// Get access token from result
	let accessToken = authResult.accessToken
                
	// You'll want to get the account identifier to retrieve and reuse the account for later acquireToken calls
	let accountIdentifier = authResult.account.identifier
	})
}
else {
	print("Unable to create application.")
}

Objective-C

NSError *msalError = nil;
    
MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:@"<your-client-id-here>"];
NSArray<NSString *> *scopes = @[@"your-scope1-here", @"your-scope2-here"];
    
MSALPublicClientApplication *application = [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&msalError];
    
#if TARGET_OS_IPHONE
    UIViewController *viewController = ...; // Pass a reference to the view controller that should be used when getting a token interactively
    MSALWebviewParameters *webParameters = [[MSALWebviewParameters alloc] initWithAuthPresentationViewController:viewController];
#else
    MSALWebviewParameters *webParameters = [MSALWebviewParameters new];
#endif
    
MSALInteractiveTokenParameters *interactiveParams = [[MSALInteractiveTokenParameters alloc] initWithScopes:scopes webviewParameters:webParameters];
[application acquireTokenWithParameters:interactiveParams completionBlock:^(MSALResult *result, NSError *error) {
    if (!error)
    {
        // You'll want to get the account identifier to retrieve and reuse the account
        // for later acquireToken calls
        NSString *accountIdentifier = result.account.identifier;
            
        NSString *accessToken = result.accessToken;
    }
    else
    {
        // Check the error
    }
}];

Installation

Using CocoaPods

You can use CocoaPods to install MSAL by adding it to your Podfile under target:

use_frameworks!
 
target 'your-target-here' do
	pod 'MSAL'
end

Using Carthage

You can use Carthage to install MSAL by adding it to your Cartfile:

github "AzureAD/microsoft-authentication-library-for-objc" "master"

Using Swift Packages

You can add MSAL as a swift package dependency. For MSAL version 1.1.14 and above, distribution of MSAL binary framework as a Swift package is available.

  1. For your project in Xcode, click File -> Swift Packages -> Add Package Dependency...
  2. Choose project to add dependency in
  3. Enter : https://github.com/AzureAD/microsoft-authentication-library-for-objc as the package repository URL
  4. Choose package options with :
    1. Rules -> Branch : master (For latest MSAL release)
    2. Rules -> Version -> Exact : [release version >= 1.1.14] (For a particular release version)

Manually

You can also use Git Submodule or check out the latest release and use as framework in your application.

Configuring MSAL

Adding MSAL to your project

  1. Register your app in the Azure portal
  2. Make sure you register a redirect URI for your application. It should be in the following format:

msauth.[BUNDLE_ID]://auth

  1. Add a new keychain group to your project Capabilities. Keychain group should be com.microsoft.adalcache on iOS and com.microsoft.identity.universalstorage on macOS.

See more information about keychain groups and Silent SSO for MSAL.

iOS only steps:

  1. Add your application's redirect URI scheme to your Info.plist file, it will be in the format of msauth.[BUNDLE_ID]
<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>msauth.[BUNDLE_ID]</string>
        </array>
    </dict>
</array>
  1. Add LSApplicationQueriesSchemes to allow making call to Microsoft Authenticator if installed.

Note that "msauthv3" scheme is needed when compiling your app with Xcode 11 and later.

<key>LSApplicationQueriesSchemes</key>
<array>
	<string>msauthv2</string>
	<string>msauthv3</string>
</array>

See more info about configuring redirect uri for MSAL

  1. To handle a callback, add the following to appDelegate:

Swift

func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
        
	return MSALPublicClientApplication.handleMSALResponse(url, sourceApplication: options[UIApplication.OpenURLOptionsKey.sourceApplication] as? String)
}

Objective-C

- (BOOL)application:(UIApplication *)app
            openURL:(NSURL *)url
            options:(NSDictionary<UIApplicationOpenURLOptionsKey,id> *)options
{
    return [MSALPublicClientApplication handleMSALResponse:url 
                                         sourceApplication:options[UIApplicationOpenURLOptionsSourceApplicationKey]];
}

Note, that if you adopted UISceneDelegate on iOS 13+, MSAL callback needs to be placed into the appropriate delegate method of UISceneDelegate instead of AppDelegate. MSAL handleMSALResponse:sourceApplication: must be called only once for each URL. If you support both UISceneDelegate and UIApplicationDelegate for compatibility with older iOS, MSAL callback would need to be placed into both files.

Swift

func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
        
        guard let urlContext = URLContexts.first else {
            return
        }
        
        let url = urlContext.url
        let sourceApp = urlContext.options.sourceApplication
        
        MSALPublicClientApplication.handleMSALResponse(url, sourceApplication: sourceApp)
    }

Objective-C

- (void)scene:(UIScene *)scene openURLContexts:(NSSet<UIOpenURLContext *> *)URLContexts
{
    UIOpenURLContext *context = URLContexts.anyObject;
    NSURL *url = context.URL;
    NSString *sourceApplication = context.options.sourceApplication;
    
    [MSALPublicClientApplication handleMSALResponse:url sourceApplication:sourceApplication];
}

macOS only steps:

  1. Make sure your application is signed with a valid development certificate. While MSAL will still work in the unsigned mode, it will behave differently around cache persistence.

Using MSAL

Creating an Application Object

Use the client ID from your app listing when initializing your MSALPublicClientApplication object:

Swift

let config = MSALPublicClientApplicationConfig(clientId: "<your-client-id-here>")
let application = try? MSALPublicClientApplication(configuration: config) 

Objective-C

NSError *msalError = nil;
    
MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:@"<your-client-id-here>"];
MSALPublicClientApplication *application = [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&msalError];
    

Acquiring Your First Token interactively

Swift

#if os(iOS)
	let viewController = ... // Pass a reference to the view controller that should be used when getting a token interactively
	let webviewParameters = MSALWebviewParameters(authPresentationViewController: viewController)
#else
	let webviewParameters = MSALWebviewParameters()
#endif
let interactiveParameters = MSALInteractiveTokenParameters(scopes: scopes, webviewParameters: webviewParameters)
application.acquireToken(with: interactiveParameters, completionBlock: { (result, error) in
                
	guard let authResult = result, error == nil else {
		print(error!.localizedDescription)
		return
	}
                
	// Get access token from result
	let accessToken = authResult.accessToken
                
	// You'll want to get the account identifier to retrieve and reuse the account for later acquireToken calls
	let accountIdentifier = authResult.account.identifier
})

Objective-C

#if TARGET_OS_IPHONE
    UIViewController *viewController = ...; // Pass a reference to the view controller that should be used when getting a token interactively
    MSALWebviewParameters *webParameters = [[MSALWebviewParameters alloc] initWithAuthPresentationViewController:viewController];
#else
    MSALWebviewParameters *webParameters = [MSALWebviewParameters new];
#endif 

MSALInteractiveTokenParameters *interactiveParams = [[MSALInteractiveTokenParameters alloc] initWithScopes:scopes webviewParameters:webParameters];
[application acquireTokenWithParameters:interactiveParams completionBlock:^(MSALResult *result, NSError *error) {
	if (!error)	
	{
		// You'll want to get the account identifier to retrieve and reuse the account
		// for later acquireToken calls
		NSString *accountIdentifier = result.account.identifier;
            
		NSString *accessToken = result.accessToken;
	}
  	else
	{
		// Check the error
	}
}];

Our library uses the ASWebAuthenticationSession for authentication on iOS 12 by default. See more information about default values, and support for other iOS versions.

Silently Acquiring an Updated Token

Swift

guard let account = try? application.account(forIdentifier: accountIdentifier) else { return }
let silentParameters = MSALSilentTokenParameters(scopes: scopes, account: account)
application.acquireTokenSilent(with: silentParameters) { (result, error) in
            
	guard let authResult = result, error == nil else {
                
	let nsError = error! as NSError
                
		if (nsError.domain == MSALErrorDomain &&
			nsError.code == MSALError.interactionRequired.rawValue) {
                    
			// Interactive auth will be required
			return
		}
		return
	}
            
	// Get access token from result
	let accessToken = authResult.accessToken
}

Objective-C

NSError *error = nil;
MSALAccount *account = [application accountForIdentifier:accountIdentifier error:&error];
if (!account)
{
    // handle error
    return;
}
    
MSALSilentTokenParameters *silentParams = [[MSALSilentTokenParameters alloc] initWithScopes:scopes account:account];
[application acquireTokenSilentWithParameters:silentParams completionBlock:^(MSALResult *result, NSError *error) {
    if (!error)
    {
        NSString *accessToken = result.accessToken;
    }
    else
    {
        // Check the error
        if ([error.domain isEqual:MSALErrorDomain] && error.code == MSALErrorInteractionRequired)
        {
            // Interactive auth will be required
        }
            
        // Other errors may require trying again later, or reporting authentication problems to the user
    }
}];

Responding to an Interaction Required Error

Occasionally user interaction will be required to get a new access token, when this occurs you will receive a MSALErrorInteractionRequired error when trying to silently acquire a new token. In those cases call acquireToken: with the same account and scopes as the failing acquireTokenSilent: call. It is recommended to display a status message to the user in an unobtrusive way before invoking interactive acquireToken: call.

For more information, please see MSAL error handling guide.

Microsoft Enterprise SSO plug-in for Apple devices

Microsoft has recently released a new plug-in that uses the newly announced Apple feature called Enterprise Single Sign-On. Microsoft Enterprise SSO plug-in for Apple devices offers the following benefits:

  • Comes delivered in Microsoft Authenticator app automatically and can be enabled by any MDM.
  • Provides seamless SSO for Active Directory joined accounts across all applications that support Apple's Enterprise Single Sign-On feature.
  • COMING SOON: Provides seamless SSO across Safari browsers and applications on the device.

MSAL 1.1.0 and above will use Microsoft Enterprise SSO plug-in automatically instead of the Microsoft Authenticator app when it is active on the device. To use Microsoft Enterprise SSO plug-in in your tenant, you need to enable it in your MDM profile.

See more information about configuring Microsoft Enterprise SSO plug-in for your device here

Single Account Mode

If your app needs to support just one signed-in user at a time, MSAL provides a simple way to read the signed in account. This API must be also used when you are building an application to run on devices that are configured as shared devices - meaning that a single corporate device is shared between multiple employees. Employees can sign in to their devices and access customer information quickly. When they are finished with their shift or task, they will be able to sign-out of all apps on the shared device.

Here is a code snippet that shows how you can retrieve current account. You must call API every time when your app comes to foreground or before performing a sensitive operation to detect any signed-in account changes.

Swift

let msalParameters = MSALParameters()
msalParameters.completionBlockQueue = DispatchQueue.main
                
application.getCurrentAccount(with: msalParameters, completionBlock: { (currentAccount, previousAccount, error) in
            
	// currentAccount is the currently signed in account
	// previousAccount is the previously signed in account if any
})

Objective-C

MSALParameters *parameters = [MSALParameters new];
parameters.completionBlockQueue = dispatch_get_main_queue();
        
[application getCurrentAccountWithParameters:parameters
                             completionBlock:^(MSALAccount * _Nullable account, MSALAccount * _Nullable previousAccount, NSError * _Nullable error)
{
	// currentAccount is the currently signed in account
	// previousAccount is the previously signed in account if any
}];

Multiple Accounts Mode

MSAL also provides a public API to query multiple accounts, granted that they exist in the MSAL cache.

  1. Make sure the umbrella header MSAL-umbrella.h is imported (just MSAL for Swift)

  2. Create config, then use it to initialize an application object

  3. Also initialize MSALAccountEnumerationParameters object with the account identifier. Each MSALAccount object has a parameter called "identifier", which represents the unique account identifier associated with the given MSALAccount object. We recommend using it as the primary search criterion.

  4. Then invoke the API "accountsFromDeviceForParameters" from the application object using the enumeration parameter. If you have multiple accounts in MSAL cache, it will return an array containg MSALAccounts that have the account identifier you specified in the previous step.

  5. Once the MSAL account is retrieved, invoke acquire token silent operation

Swift

#import MSAL //Make sure to import MSAL  

let config = MSALPublicClientApplicationConfig(clientId:clientId
                                           	redirectUri:redirectUri
                                            	authority:authority)
guard let application = MSALPublicClientApplication(configuration: config) else { return }

let accountIdentifier = "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca"
let parameters = MSALAccountEnumerationParameters(identifier:accountIdentifier)

var scopeArr = ["https://graph.microsoft.com/.default"]

if #available(iOS 13.0, macOS 10.15, *)
{
	 application.accountsFromDeviceForParameters(with: parameters, completionBlock:{(accounts, error) in
         if let error = error 
         {
            //Handle error
         }
         
         guard let accountObjs = accounts else {return}
         
         let tokenParameters = MSALSilentTokenParameters(scopes:scopeArr, account: accountObjs[0]);
                                                                                                   
         application.acquireTokenSilentWithParameters(with: tokenParameters, completionBlock:{(result, error) in 
                     if let error = error
                     {
                         //handle error
                     }
                                       
                     guard let resp = result else {return} //process result
                                                                                             
         })                                                               
                                                                                                                                                             
   })
  
}

Objective-C

//import other key libraries  
#import "MSAL-umbrella.h" //Make sure to import umbrella file 

    MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:clientId
     redirectUri:redirectUri
       authority:authority];

    MSALPublicClientApplication *application = [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&error];
    MSALAccountEnumerationParameters *parameters = [[MSALAccountEnumerationParameters alloc] initWithIdentifier:@"9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca"]; //init with account identifier

    NSArray<NSString *> *scopeArr = [[NSArray alloc] initWithObjects: @"https://graph.microsoft.com/.default",nil]; //define scope

    if (@available(iOS 13.0, macOS 10.15, *)) //Currently, this public API requires iOS version 13 or greater.
    {
        [application accountsFromDeviceForParameters:parameters
                                     completionBlock:^(NSArray<MSALAccount *> * _Nullable accounts, __unused NSError * _Nullable error)
        {
            if (error)
            {
              //Log error & return 
            }
          
            if (accounts)
            {
                NSLog(@"hi there");
                MSALSilentTokenParameters *tokenParameters = [[MSALSilentTokenParameters alloc] initWithScopes:scopeArr account:accounts[0]];

                [application acquireTokenSilentWithParameters:tokenParameters
                                completionBlock:^(MSALResult * _Nullable result, NSError * _Nullable error)
                 {
                    if (error)
                    {
                        //Log Error & return 
                    }
                    if (result)
                    {
                        //process result
                    }
                }
                 ];
            }
     
        }];
    }

Detect shared device mode

Use following code to read current device configuration, including whether device is configured as shared:

Swift

application.getDeviceInformation(with: nil, completionBlock: { (deviceInformation, error) in
                
	guard let deviceInfo = deviceInformation else {
		return
	}
                
	let isSharedDevice = deviceInfo.deviceMode == .shared
	// Change your app UX if needed
})

Objective-C

[application getDeviceInformationWithParameters:nil
                                completionBlock:^(MSALDeviceInformation * _Nullable deviceInformation, NSError * _Nullable error)
{
	if (!deviceInformation)
	{
		return;
	}
            
	BOOL isSharedDevice = deviceInformation.deviceMode == MSALDeviceModeShared;
	// Change your app UX if needed
}];

Implement signout

To signout account from your app, call MSAL's signout API. You can also optionally sign out from the browser. When MSAL is running on a shared device, signout API will signout globally from all apps on user's device.

Swift

let account = .... /* account retrieved above */

let signoutParameters = MSALSignoutParameters(webviewParameters: self.webViewParamaters!)
signoutParameters.signoutFromBrowser = false
            
application.signout(with: account, signoutParameters: signoutParameters, completionBlock: {(success, error) in
                
	if let error = error {
		// Signout failed
		return
	}
                
	// Sign out completed successfully
})

Objective-C

MSALAccount *account = ... /* account retrieved above */;
        
MSALSignoutParameters *signoutParameters = [[MSALSignoutParameters alloc] initWithWebviewParameters:webViewParameters];
signoutParameters.signoutFromBrowser = NO;
        
[application signoutWithAccount:account signoutParameters:signoutParameters completionBlock:^(BOOL success, NSError * _Nullable error)
{
	if (!success)
	{
		// Signout failed
		return;
	}
            
	// Sign out completed successfully
}];

Supported Versions

iOS - MSAL supports iOS 11 and above.

macOS - MSAL supports macOS (OSX) 10.12 and above.

Migrating from ADAL Objective-C

MSAL Objective-C is designed to support smooth migration from ADAL Objective-C library. For detailed design and instructions, follow this guide

Additional guidance

Our wiki is intended to document common patterns, error handling and debugging, functionality (e.g. logging, telemetry), and active bugs. You can find it here.

Community Help and Support

We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.

If you find a bug or have a feature request, please raise the issue on GitHub Issues.

To provide a recommendation, visit our User Voice page.

Contribute

We enthusiastically welcome contributions and feedback. You can clone the repo and start contributing now.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Security Library

This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible. We use semantic versioning so you can control the risk associated with updating your app. As an example, always downloading the latest minor version number (e.g. x.y.x) ensures you get the latest security and feature enhanements but our API surface remains the same. You can always see the latest version and release notes under the Releases tab of GitHub.

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

License

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License").

Github

link
Stars: 124

Releases

Release MSAL 1.1.13 - 2020-12-04T20:44:23

  • Adding nil check before assigning error when developers try to get account by username from MSALPublicClientApplication, this will help to prevent a crash when passing in nil as error pointer from the API

1.1.12 - 2020-12-03T23:51:35

  • Fixed logic to handle links that open in new tab for embedded webview.
  • accountForUsername from MSALPublicClientApplication will return nil back when username is nil or empty
  • Updated user guide to provide a sample Swift & ObjC code for querying a specific account and return token silently when multiple accounts are present in the cache.
  • Added client-side fix for the known ADFS PKeyAuth issue. (#1150)

1.1.11 - 2020-10-17T01:10:04

  • Added a public API for both iOS and MacOS that returns a default recommended WKWebview configuration settings. This API can be found in MSALWebviewParameters.h, along with an example of usage.
  • Update repo pipelines running on Xcode 12

1.1.10 - 2020-09-21T20:19:00

  • Fixed account filtering logic by accountId or username where accounts are queried from multiple sources (#1100)
  • Fixed isSSOAccount flag on the MSALAccount when MSAL reads accounts from multiple sources (#1100)

1.1.9 - 2020-09-17T05:35:37

Features:

  • Support clearing account cache on signout #1077, #1085
  • Indicate whether SSO extension account is available for device wide SSO (#1065)

Bug fixes:

  • Ignore duplicate certificate authentication challenge in system webview.
  • Normalize account ID for cache lookups (#1084)
  • Fix custom webview bug in MSAL Test MacApp
  • Append 'PkeyAuth/1.0' keyword to the User Agent String to reliably advertise PkeyAuth capability to ADFS.

Engineering changes:

  • Make webview parameters optional in MSALSignoutParameters #1086
  • Add documentation for Proof-of-Possession for Access tokens.
  • Add SSO Seeding call in MSAL Test MacApp
  • Fix grammar in comments.
  • Support bypassing redirect uri validation on macOS (#392)
  • Add swift static lib target to common core to support AES GCM.
  • Enabled XCODE 11.4 recommended settings by default per customer request.
  • Add a flag to disable logger queue.

1.1.8 - 2020-08-25T19:32:43

New features:

  • Expose MSAL SDK Version in public client (#1051)

Fixes:

  • Disabling check for validating result Account.
  • Include redirect uri in body when redeeming refresh token at token endpoint (#1020)
  • Mark RSA public key as extractable (#1049)

Engineering changes:

  • Fix unused parameter errors and add macOS specific test mocks.
  • Move openBroswerResponse code into its operation (#392)
  • Cleanup noisy SSO extension logs (#392)
  • Cleanup main product targets from test files (#1046)
  • Replaced launch image by launch controller and update test app icon with correct size (#1048)
  • Modify MSALRedirectUri and MSALRedirectUriVerifier to use existing methods from common core (#1045)
  • Save PRT expiry interval in cache to calculate PRT refresh interval more reliably (#1019)
  • update new variable in configuration to allow user by pass URI check (#1013)
  • Refactor crypto code for cpp integration and add api to generate ephemeral asymmetric key pair (#1018)
  • update MSAL test app for SSO Seeding flow #1021
  • Update logger from Identity Core. (#1009)

1.1.7 - 2020-07-31T21:49:04

Added

  • New variable in configuration to allow user bypass redirect URI check (#1013)
  • New API to check if compatible AAD broker is available (#1011)

1.1.6 - 2020-07-24T18:16:54

Added

  • Support proof of posession for access tokens (#926)

Fixed

  • Clean up account metadata on account removal (#999)
  • Silent token lookup for guest accounts with different UPNs (#986)

1.1.5 - 2020-06-20T00:54:54

Added

  • Switch to PkeyAuth on macOS (common library #734)
  • Support returning additional WPJ info (#931)

Fixed

  • Fixed PkeyAuth when ADFS challenge is URL encoded (common library #750)
  • Fixed CBA handling in MSAL (common library #751)
  • Fixed failing unit tests on 10.15 (#760)
  • Include correlationID in error response (#908)

1.1.4 - 2020-06-08T18:13:28

  • Fix handling of certificate based authentication challenge.(#945)

1.1.3 - 2020-05-22T19:36:21

Added

  • Support client side telemetry in ESTS requests (#930)

Fixed

  • Add logging for enrollment id mismatch for access tokens (#932)
  • Protect legacy macOS cache when MSAL writes into ADAL cache (common core #729)
  • Fix NTLM crash when window is not key (common core #724)
  • Fixed authority validation for developer known authorities (#913)
  • Pass prompt=login for signed out accounts (#919)
  • Don't require URL scheme registration in Info.plist for app extensions (#914)

1.1.2 - 2020-04-16T02:12:22

  • Support SSO in Safari in AAD SSO extension
  • Additional automation tests for AAD national cloud scenarios
  • Convert access denied error to cancelled on MSAL side (#894)
  • Resolved conflict between initWithParentController API on App Store upload (#893)

1.1.1 - 2020-03-29T00:36:20

  • Fixed macOS cache on 10.15 when App Identifier Prefix is different from TeamId
  • Remove SHA-1 dependency from production library
  • Fixed SSO extension + MSIT MFA
  • Fixed SSO extension swipe down cancellation case
  • Handle http headers coming from iOS broker when it is either a NSDictionary or NSString
  • Updated readme to include information about Microsoft Enterprise SSO plug-in for Apple devices and shared device scenarios (#881)

1.1.0 - 2020-03-19T06:43:43

  • iOS 13 SSO Extension support
  • Support ASWebAuthenticationSession on macOS 10.15
  • Track account sign-in and sign-out state. This makes application scenarios like first time sign-in, sign-out easier to implement.
  • Support global sign out from the device when allowed by the MDM configuration

1.0.7 - 2020-01-28T23:43:52

Fixed

  • Keyed unarchiver deserialization fix for iOS 11.2
  • [Broker patch] Fixed account lookups and validation with the same email (#827)

1.0.0-hotfix2 - 2020-01-28T21:28:36

  • [Broker patch] Keyed unarchiver deserialization fix for iOS 11.2 (#838)

1.0.0-hotfix1 - 2020-01-21T23:43:19

Fixed

  • [Broker patch] Fixed account lookups and validation with the same email (#827)

1.0.6 - 2020-01-02T23:29:31

  • Set mobile content type for the WKWebView configuration (#810)
  • Better error handling for missing broker query schemes (#811)
  • Enable dogfood Authenticator support by default (#812)
  • Optimiza external account writing logic (#813)

1.0.5 - 2019-12-14T01:42:12

Fixed

  • Account lookup fix when no refresh tokens present (#799)

1.0.4 - 2019-12-05T01:42:00

Fixed

  • Fixed external account matching when identifier is not present (#787)

1.0.3 - 2019-11-16T01:11:20

Added

  • Added default implementation for ADAL legacy persistence

Fixed

  • Fixed error logging when MSAL was logging false positives

1.0.2 - 2019-10-29T19:28:40

Fixed

  • Make trustedApps in MSALCacheConfig writable to allow apps sharing keychain on macOS
  • Always write to the data protection keychain on macOS 10.15

1.0.1 - 2019-10-26T00:09:09

Added

  • Support for apps that are present in multiple clouds
  • Better logging when error is created

Fixed

  • Block swipe to dismiss for auth controller
  • Remove arm64e architecture
  • Pass custom keychain group for broker requests

1.0.0 - 2019-09-27T01:57:06

Fixed

  • Return type of the account claims for B2C accounts

Updated

  • MSAL version number is now 1.0.0. MSAL for iOS and macOS is now generally available.

0.8.0 - 2019-09-23T23:06:38

  • Improved Readme.md
  • Added library reference
  • Improved threading behavior around main thread checks
  • Improved behavior when parentViewController is provided

0.7.1 - 2019-09-12T00:51:02

  • Update ACL authorization tag to kSecACLAuthorizationDecrypt for adding trusted applications to keychain items on OSX.

0.7.0 - 2019-09-10T00:50:41

  • iOS 13 support for ASWebAuthenticationSession
  • Support keychain access groups on macOS 10.15

See more info about iOS 13 in a detailed wiki

0.6.0 - 2019-09-04T00:24:44

  • Enable iOS 13 compatible broker
  • Implement ACL control for macOS keychain

Note, when updating to this release, make sure you update your LSApplicationQueriesSchemes in the Info.plist. New value should be:

<array>
    <string>msauthv2</string>
    <string>msauthv3</string>
</array>

This is necessary to compile with Xcode 11.

0.3.5 - 2019-08-08T20:30:49

  • Improve code to allow easy extension for broker SDK

0.5.0 - 2019-08-01T00:22:46

  • Added initial macOS support**
  • Better resolution of authorities for silent token acquisition
  • Added backward compatibility for legacy account storages
  • Added backward compatibility for ADAL macOS cache

** This version of MSAL is the first one that has full macOS support. You're free to start your testing and integration with this version. However, we're planning to add some advanced macOS SSO features in the next MSAL release. If you're planning to take a dependency on those advanced SSO features, you should wait shipping your app to production with MSAL for macOS until the next release, but you can start testing and integration now. If you're using MSAL in a single app, you can ship now.