AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

[Feature Request] Make MSAL.NET compatible with MAUI #3127

Closed SameerK-MSFT closed 5 months ago

SameerK-MSFT commented 2 years ago

Initial PR to add support: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/3262

At this point we should be able to do a partial release with MAUI support for mobile.

MSAL ObjC does not have MacCatalyst support, we will need to coordinate with them on this. Should not block GA of MAUI mobile targets.

Maui Status can be found here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/MauiStatus.md

bgavrilMS commented 2 years ago

Blocked by MAUI previews

xperiandri commented 2 years ago

Could you release a preview package targeting net6.0-android/net6.0-ios/net6.0-macos/net6.0-maccatalyst? Just add those targets and create an appropriate package.

xperiandri commented 2 years ago

Build with latest preview

bgavrilMS commented 2 years ago

.net6.0-android should be compatible with our current target. .net6.0-ios is undergoing breaking changes and we will need to fix later on. Currently broken. We have not yet tested with mac, but should work.

ViktorArbuzov commented 2 years ago

Using this package in a MAUI project, can't deploy to remote Mac because of this.

bgavrilMS commented 2 years ago

PR out with some changes, needs review and following changes:

  1. no net6-windows10.xyz target is needed
  2. Update MacCatalyst KeyChain access (see action item on PR)
  3. Build changes
  4. Optional: Drop older monoandroid 9 support.
  5. More testing with embedded / system browser and broker.
  6. Update our Xamarin samples.

emorell96 commented 2 years ago

Is this coming soon? MAUI is in RC1 already. Thanks!

bgavrilMS commented 2 years ago

Yes, there is PR out which provides some support. We've got some trouble on MacCatalyst and also we need to do more testing.

ViktorArbuzov commented 2 years ago

@bgavrilMS If this is possible, could you please help me to build the dll from the PR? Our project really needs iOS. Thanks!

bgavrilMS commented 2 years ago

@ViktorArbuzov - if you pull this branch, then edit Microsoft.Identity.Client.csproj and comment out any targets you do not care about (I'd leave at least 2 though), it should build fine. I can get it to build with VS 2022 Preview or via the command line. I recommend you build only Microsoft.Identity.Client.csproj, as the solution files have a ton of tests and sample apps that you don't care about.

If you want to pack this into a nuget and use it, you may want to change the version property in the same file. Then dotnet pack.

igalfsg commented 2 years ago

@SameerK-MSFT @bgavrilMS is there an update on this feature?

bgavrilMS commented 2 years ago

We're hoping to release mobile support soon. The problem we're facing is that the ecosystem (VS, AzureDevOps agents etc.) does not support it natively; we need to do some build work.

lnaie commented 2 years ago

Exciting. When is it gonna be dished out?

Jeremywhiteley commented 2 years ago

Any idea on when this will be fixed?

nickrandolph commented 2 years ago

Any update on this issue?

VladislavAntonyuk commented 2 years ago

@nickrandolph @lnaie @Jeremywhiteley if you need it right now, you can build it from the PR, using dotnet pack.

nickrandolph commented 2 years ago

yeh but we're building libraries for other people that depend on MSAL. Not having net6 support is a bit of an oversight but I get why it was overlooked/delayed given the rushed nature of net6 mobile.

bgavrilMS commented 2 years ago

We found some problems (missing API) on mobile, which would prevent system browser and broker scenarios. We are discussing this with Maui team.

On a positive note, I tested WinUI and it works well with MSAL 4.44 (already released). No changes needed.

@SameerK-MSFT - please keep this thread updated with progress / blockers etc. Some of the folks here might be able to help.

jeromelaban commented 2 years ago

@bgavrilMS could you tell which API is missing? Is it an API specific to MAUI or to net6.0-ios or net6.0-android ?

bgavrilMS commented 2 years ago

Following API is missing from AppDelegate on iOS.

public override bool OpenUrl(UIApplication app, NSUrl url, string sourceApplication, NSObject annotation)

This hook is implemented by the app developer like here. MSAL uses this to know if the broker was used or not - see here. We haven't looked into this too much, as this sourceApplication param isn't supported on iOS 13+ anyway (it's empty), so maybe it's not an issue to always ignore it?

The Maui team recommended we use https://gist.github.com/Redth/5be697ac7e75e8d47c26deea83fbc3d0

@SameerK-MSFT is working on this, so pls take my words with a grain of salt...

jeromelaban commented 2 years ago

@bgavrilMS Thanks. To clarify, are your new changes still going to be including a non-maui net6.0-ios package?

bgavrilMS commented 2 years ago

What do you mean by non-maui "net6-ios" package? I thought MAUI means net6-ios, net6-android, net6-maccatalyst

Note that MSAL fully supports the vanilla net6 target, e.g. confidential client scenarios and public client desktop scenarios (including WinUI).

jeromelaban commented 2 years ago

MAUI is a layer on top of the Android/iOS/Catalyst bindings (net6.0-android, net6.0-ios and others). Making a "native" (non-MAUI) app is possible (e.g. Uno Platform uses that specific part) and if you add an explicit dependency to MAUI nuget packages in MSAL, this will become breaking for those frameworks and apps.

VladislavAntonyuk commented 2 years ago

Following API is missing from AppDelegate on iOS.

public override bool OpenUrl(UIApplication app, NSUrl url, string sourceApplication, NSObject annotation)

This hook is implemented by the app developer like here. MSAL uses this to know if the broker was used or not - see here. We haven't looked into this too much, as this sourceApplication param isn't supported on iOS 13+ anyway (it's empty), so maybe it's not an issue to always ignore it?

The Maui team recommended we use https://gist.github.com/Redth/5be697ac7e75e8d47c26deea83fbc3d0

@SameerK-MSFT is working on this, so pls take my words with a grain of salt...

it exists: https://github.com/dotnet/maui/blob/0872cbc326ea8230c24c075d2f98b3195df69765/src/Core/src/Platform/iOS/MauiUIApplicationDelegate.cs#L80

francoistanguay commented 2 years ago

MAUI is a layer on top of the Android/iOS/Catalyst bindings (net6.0-android, net6.0-ios and others). Making a "native" (non-MAUI) app is possible (e.g. Uno Platform uses that specific part) and if you add an explicit dependency to MAUI nuget packages in MSAL, this will become breaking for those frameworks and apps.

MAUI != net6 for iOS/Android/Catalyst

just like

Blazor != net6 for WebAssembly

I really wish naming/marketing would support this narrative to bring clarity to developers.

bgavrilMS commented 2 years ago

Following API is missing from AppDelegate on iOS.

public override bool OpenUrl(UIApplication app, NSUrl url, string sourceApplication, NSObject annotation)

This hook is implemented by the app developer like here. MSAL uses this to know if the broker was used or not - see here. We haven't looked into this too much, as this sourceApplication param isn't supported on iOS 13+ anyway (it's empty), so maybe it's not an issue to always ignore it? The Maui team recommended we use https://gist.github.com/Redth/5be697ac7e75e8d47c26deea83fbc3d0 @SameerK-MSFT is working on this, so pls take my words with a grain of salt...

it exists: https://github.com/dotnet/maui/blob/0872cbc326ea8230c24c075d2f98b3195df69765/src/Core/src/Platform/iOS/MauiUIApplicationDelegate.cs#L80

Notice how it does not have the string sourceApplication param (which was deprecated by Apple in iOS 13).

bgavrilMS commented 2 years ago

MAUI is a layer on top of the Android/iOS/Catalyst bindings (net6.0-android, net6.0-ios and others). Making a "native" (non-MAUI) app is possible (e.g. Uno Platform uses that specific part) and if you add an explicit dependency to MAUI nuget packages in MSAL, this will become breaking for those frameworks and apps.

The only dependencies I see are:

<PackageReference Include="System.Security.SecureString" Version="4.3.0" />
<PackageReference Include="Xamarin.AndroidX.Browser" Version="1.4.0" PrivateAssets="All" />

(not sure why we depend on SecureString, I think it needs to go)

jeromelaban commented 2 years ago

The only dependencies I see are:

<PackageReference Include="System.Security.SecureString" Version="4.3.0" />
<PackageReference Include="Xamarin.AndroidX.Browser" Version="1.4.0" PrivateAssets="All" />

(not sure why we depend on SecureString, I think it needs to go)

This should be good then, thank you! I was mentioning this because of the changes that would be required for the appdelegate, but those are likely to be documentation changes.

joker109 commented 2 years ago

@bgavrilMS Is it working in iOS by using the MauiBuilder extension method as recommended by the MAUI team?

kzryzstof commented 2 years ago

This comment is a follow-up to changes I observed after upgrading the package to 4.45 for my net6-ios application (non-MAUI).

I used to have a hard crash when I used 4.43 as described in the issue 3272.

Now I get a surprising exception related to the redirect URI parameter:

MSAL.NetCore.4.45.0.0.MsalClientException: 
    ErrorCode: loopback_redirect_uri
Microsoft.Identity.Client.MsalClientException: Only loopback redirect uri is supported, but **msal<app_id>//auth/** was found. Configure http://localhost or http://localhost:port both during app registration and when you create the PublicClientApplication object. See https://aka.ms/msal-net-os-browser for details
   at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.UpdateRedirectUri(Uri )
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceInternalAsync(IWebUI , CancellationToken )
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceVerifierAsync(CancellationToken )
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken )
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken )
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken )
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync(AcquireTokenCommonParameters , AcquireTokenInteractiveParameters , CancellationToken )

Since I am using Azure B2C, I can't use localhost as it is not supported.

But, what makes this error even more suspicious is that the static class AuthenticationContinuationHelper can't be found even though the Microsoft.Identity.Client NuGet package is referenced.

With the current state of things related to the issue and the changes made, is that expected?

And to make it clear like others did, I am not using MAUI. It is a xamarin.ios application that has been migrated to .net6-ios :)

bgavrilMS commented 2 years ago

@kzryzstof - since we haven't managed to add net6-ios support to MSAL, nuget will choose MSAL's netcore2.1 implementation in your app. In this implementation we use a desktop system browser (based on http://localhost redirect uri). So that explains the error and why AuthenticationContinuationHelper does not work.
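
The behaviour explained in this reply, as an added example (not MSAL.NET source; `RedirectKind` and `RedirectUriCheck` are hypothetical names, and the sample URIs, including the all-zero client id, are constructed). It models the rule stated in the error message: the desktop system-browser path accepts only an http loopback redirect, so the app-claimed `msal...://auth` redirect that a mobile build expects is not usable there.

```csharp
using System;

// Constructed sample redirect URIs (the client id is a placeholder).
string[] samples =
{
    "http://localhost",
    "http://localhost:5000/",
    "http://127.0.0.1:8400",
    "http://[::1]:8400",
    "https://localhost",                      // TLS on loopback: not the plain-http listener case
    "http://localhost.example.com",           // only looks like localhost
    "http://localhost@example.com/",          // userinfo trick: real host is example.com
    "msal00000000-0000-0000-0000-000000000000://auth",
};

foreach (var s in samples)
    Console.WriteLine($"{s,-52} {RedirectUriCheck.Classify(s)}");

enum RedirectKind { Loopback, CustomScheme, Rejected }

static class RedirectUriCheck
{
    public static RedirectKind Classify(string redirect)
    {
        if (!Uri.TryCreate(redirect, UriKind.Absolute, out var uri))
            return RedirectKind.Rejected;

        // Desktop system-browser flow: a local HTTP listener receives the
        // authorization code, so the host must resolve to this machine.
        if (uri.Scheme == Uri.UriSchemeHttp)
            return uri.IsLoopback && uri.UserInfo.Length == 0
                ? RedirectKind.Loopback
                : RedirectKind.Rejected;

        // Mobile flow (assumption for this example): an app-claimed scheme
        // starting with "msal", delivered back to the app by the OS.
        if (uri.Scheme.StartsWith("msal", StringComparison.Ordinal))
            return RedirectKind.CustomScheme;

        return RedirectKind.Rejected;
    }
}
```

A `CustomScheme` result is what a net6-ios build needs; when NuGet falls back to the desktop implementation, only the `Loopback` rows pass, which is the exception shown above.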

kzryzstof commented 2 years ago

@bgavrilMS Understood :) Thank you for the quick reply! I assume I still have to wait a bit for the team to add .net6-ios support to MSAL then...

joker109 commented 2 years ago

We need to use Azure AD authentication in our .net MAUI app targeting iOS. Is there any alternative way to achieve that without using MSAL?

We are on a tight schedule. Any help is appreciated.

RichardMarsh commented 2 years ago

We need to use Azure AD authentication in our .net MAUI app targeting iOS. Is there any alternative way to achieve that without using MSAL?

We are on a tight schedule. Any help is appreciated.

Same here. Any feedback or timeline on this would be greatly appreciated.

xperiandri commented 2 years ago

Is there any alternative way to achieve that without using MSAL?

https://github.com/IdentityModel/IdentityModel.OidcClient

bgavrilMS commented 2 years ago

Yes, AAD is fully compliant with OAuth 2 and Open ID Connect standards. Any lib implementing the standard will work. MSAL does a bunch of extra things like token caching, managing refresh tokens, interacts with Authenticator etc.

VladislavAntonyuk commented 2 years ago

MAUI has WebAuthenticator which you can use to achieve the same.

anpin commented 2 years ago

MAUI has WebAuthenticator which you can use to achieve the same.

But it doesn't work on Windows yet https://github.com/dotnet/maui/issues/2702

Since MAUI is GA we need a solution for all target platforms.

SameerK-MSFT commented 2 years ago

sameerk/Maui_CI branch now supports iOS and Android. Note: this branch is still in development. It has two devapp samples (i.e. the samples directly reference the project). There is no nuget package. It has not been tested with other platforms. The instructions to run the samples are provided here. Please check and let us know how it goes.

nickrandolph commented 2 years ago

@SameerK-MSFT can you please include sample net6-iOS and net6-android applications that are not Maui applications - this library should be agnostic from the UI framework, so it'd be clearer to have samples that demonstrate that it can be used in non-Maui scenarios.

bgavrilMS commented 2 years ago

@nickrandolph - we will leave this as an exercise for you. MSAL does not reference anything that is UI specific. I am not sure how popular non-Maui applications are; for now we are focusing on Maui. I think one of our internal partners already tried stand-alone iOS and it worked fine.

nickrandolph commented 2 years ago

@bgavrilMS this makes no sense - Maui is a UI library that sits on top of .NET for iOS/Android/WinUI. It would be better for dev/testing of the library to be done without taking the dependency on Maui. There are other stable frameworks such as Avalonia and Uno that will rely on these capabilities (and are currently blocked from shipping on net6 because of the lack of support!)

bgavrilMS commented 2 years ago

Thanks @nickrandolph. We are not mobile experts, but my hypothesis is that MAUI is the first priority. MSAL will not take any dependencies on MAUI or on UI, except for the browser component on Android (see the PR associated, look at the csproj file). We do not have the capacity of testing Avalonia and Uno but will prioritize any bugs you may find.

nickrandolph commented 2 years ago

Thanks for the response - do you have a rough eta on when we're likely to see these changes being merged?

bgavrilMS commented 2 years ago

We'd like to have a preview package out by end of this week, hopefully in a day or two.

VladislavAntonyuk commented 2 years ago

The project doesn't depend on .NET MAUI until you add <UseMaui>true</UseMaui> or any other .NET MAUI packages. If you are talking about the draft PR, it only adds new target frameworks.

mrDenning commented 2 years ago

Does the preview release released today include this fix / feature?

joker109 commented 2 years ago

@mrDenning , We are not able to find any preview release yet.

Does the preview release released today include this fix / feature?

bgavrilMS commented 2 years ago

We are still working on this and have not released a preview. Getting our CI to build with these new targets is proving challenging. The PR has been merged; we need to do some testing before pushing it to nuget.

SameerK-MSFT commented 2 years ago

The preview release "4.46.0-preview2" is uploaded to NuGet. Also, you can find more information about how to use it, known limitations etc. here.