AzureAD / azure-activedirectory-library-for-objc

The ADAL SDK for Objective C gives you the ability to add support for Work Accounts to your iOS and macOS applications with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
MIT License

Move from ADALiOS, missing acquireToken with scope or policy #1517

Closed Halfpint-Code closed 4 years ago

Halfpint-Code commented 4 years ago

We are moving from ADALiOS to ADAL due to the iOS13 issue and ADALiOS being deprecated. I have the pod added and building. I've looked into replacing the methods we were using and I don't see any method with scopes or policy. We need the policy.

We were using: [authContext acquireTokenWithScopes: additionalScopes: clientId: redirectUri: identifier: promptBehavior: extraQueryParameters: policy: completionBlock:];

Is there a replacement for this? I didn't see a new method with these parameters.

jasoncoolmax commented 4 years ago

@Halfpint-Code I guess you were using our preview release for B2C. If so, you are recommended to switch to MSAL to work with B2C. Please refer to the following for more details: https://docs.microsoft.com/en-us/azure/active-directory/develop/config-authority#b2c

Halfpint-Code commented 4 years ago

Thanks, I'll give that a try

oldalton commented 4 years ago

Thanks, let us know if you find any issues.

jasoncoolmax commented 4 years ago

Closing it because of no response. Please feel free to reopen it if the issue persists.

Halfpint-Code commented 4 years ago

Hey, so I got big time sidetracked after contacting you guys. Finally getting around to implementing this. I am getting the error:

(lldb) po error
2020-03-04 09:18:27.431739-0600 RemoteInventory[4479:4223872] XPC connection interrupted
Error Domain=MSALErrorDomain Code=-50003 "(null)" UserInfo={MSALDeclinedScopesKey=( "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ), MSALGrantedScopesKey=( "/" ), MSALErrorDescriptionKey=Server returned less scopes than requested, MSALInvalidResultKey=<MSALResult: 0x1c02adb00>}

Myself and our backend developer have both looked into this a little. We found the following link but not sure it helps. https://github.com/AzureAD/microsoft-authentication-library-for-objc/issues/393

Do you know of any settings off-hand that might be affecting this that we should look into?

We are currently using com.microsoft.aad:adal:2.0.1-alpha with no issues right now. If we can get this working on iOS with MSAL, I believe we will likely be updating that as well for consistency.

Thanks

Halfpint-Code commented 4 years ago

Hi, was wondering if you had seen my last comment. I added the error handling when the error happens to try to grab the token silently with the granted scopes as suggested in another link, but there are no granted scopes and it fails again.