Azure-Samples / ms-identity-mobile-apple-swift-objc

An iOS sample in Swift that authenticates Microsoft Account and Azure AD users and calls the Graph API using OAuth 2.0
https://aka.ms/aaddev

MSAL wrapped iOS app cannot get access token #88

Closed Ryuka2010 closed 1 year ago

Ryuka2010 commented 1 year ago

Background: Our app uses Azure AD authentication to get user-delegated authority to access the backend API when the user clicks the login button. The backend API is exposed by application ID URI.

Observation:

  1. The wrapped app can request an access token successfully when the scope we use is "user.read".
  2. The wrapped app cannot request an access token and jumps to Edge to check the organization data access requirement when the scope we use is an exposed application ID URI (custom API scope, e.g. api://{client Id}/project-api). It prompts a message that requires installing the Intune app even though it is on a corp-owned Intune device (MDM). [image]
  3. If we use the non-wrapped app (scope is api://{client Id}/project-api), the app prompts a message that device.login.microsoftonline.com requires a client cert, as below. But if we use the wrapped app, it seems the app cannot get the required cert and prompt message and jumps to Edge. [image]

swasti29 commented 1 year ago

@Ryuka2010 This seems related to the Intune wrapping application. We recommend reaching out to Intune Support and the Intune Wrapping Application documentation: https://github.com/msintuneappsdk/intune-app-wrapping-tool-ios