Open dora-emo opened 10 months ago
The keychain group is required, see https://learn.microsoft.com/en-us/entra/identity-platform/msal-net-xamarin-ios-considerations
@bgavrilMS how can I disable keychain sharing?
You can't fully disable it. Note that the keychain access group will be prefixed with your `TeamID` value, so only apps published by you / your organization can share the keychain value and thus get SSO between them.
If you don't want this, use `WithIosKeychainSecurityGroup` to specify a keychain access group unique to your app.
Here's the code that accesses the KeyChain - https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/Platforms/iOS/iOSTokenCacheAccessor.cs#L18
Read here more about key chain sharing: https://learn.microsoft.com/en-us/entra/identity-platform/msal-net-xamarin-ios-considerations#enable-token-cache-sharing-across-ios-applications
> If you don't want this, use WithIosKeychainSecurityGroup to specify a keychain access group unique to your app.
@bgavrilMS Sorry for the additional question.
If I specify a keychain access group (not the app bundle ID) in your app.
App bundle ID : com.dora.emon1
→ Bundle ID of the app to be published
WithIosKeychainSecurityGroup() : com.dora.emon2
→ Dummy bundle ID
Set keychain access group with dummy bundle ID (com.dora.emon2), not App bundle ID
```csharp
var builder = PublicClientApplicationBuilder
    .Create(ClientId)
    .WithIosKeychainSecurityGroup("com.dora.emon2")
    .Build();
```
Do I have to modify the value in Entitlements.plist to com.dora.emon2?
```xml
<dict>
  <key>keychain-access-groups</key>
  <array>
    <string>$(AppIdentifierPrefix)com.dora.emon2</string>
  </array>
</dict>
```
After the above steps, the published app is not sharing token cache by com.dora.emon1 keychain?
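A pre-build check for the pairing discussed in this thread, as an added example (not code from the thread or from MSAL.NET): it verifies that the group passed to `WithIosKeychainSecurityGroup` has a matching TeamID-prefixed entry under `keychain-access-groups`. The function names and the embedded entitlements sample are constructed for illustration, and the 10-character TeamID format is an assumption.

```python
import plistlib

# Build-time variable that expands to "<TeamID>." in Entitlements.plist.
PREFIX_VAR = "$(AppIdentifierPrefix)"

# Constructed sample mirroring the entitlements shown in the thread.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>keychain-access-groups</key>
  <array>
    <string>$(AppIdentifierPrefix)com.dora.emon2</string>
  </array>
</dict></plist>"""


def strip_prefix(entry):
    """Return the group without its TeamID prefix, or None if it has none."""
    if entry.startswith(PREFIX_VAR):
        return entry[len(PREFIX_VAR):]
    team, sep, rest = entry.partition(".")
    # Assumption: an expanded TeamID is 10 upper-case alphanumeric characters.
    if sep and len(team) == 10 and team.isalnum() and team == team.upper():
        return rest
    return None


def check_keychain_group(entitlements, msal_group):
    """Return findings for a group passed to WithIosKeychainSecurityGroup."""
    entries = plistlib.loads(entitlements).get("keychain-access-groups", [])
    findings, names = [], []
    if strip_prefix(msal_group) is not None:
        # MSAL adds the TeamID itself, so the argument must be the bare group.
        findings.append(f"argument already prefixed: {msal_group}")
    for entry in entries:
        name = strip_prefix(entry)
        if name is None:
            findings.append(f"entitlement lacks TeamID prefix: {entry}")
        else:
            names.append(name)
    if msal_group not in names:
        findings.append(f"no entitlement for: {msal_group}")
    return findings


if __name__ == "__main__":
    for group in ("com.dora.emon2", "com.dora.emon1"):
        print(group, check_keychain_group(SAMPLE, group) or "ok")
```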
Library version used
Microsoft.Identity.Client 4.45.0
.NET version
Xamarin.Forms 5.0.0.2515
Scenario
PublicClient - mobile app
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
■ Follow the site below and disable keychain sharing: https://learn.microsoft.com/en-us/entra/identity-platform/howto-v2-keychain-objc?tabs=swift#disable-keychain-sharing
In WithIosKeychainSecurityGroup, change the keychain settings with the application bundle ID
Delete the definition of keychain-access-groups in Entitlements.plist
### Question
Relevant code snippets
No response
Expected behavior
No error appears when login or logout
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response