[BUG] TeamsFxProvider failing to get token silently for logged in user on iOS teams app

[QTom01]

Bug description I am writing a teams tab app using React, MGT and the TeamsFxProvider to access the graph client (via Providers.globalProvider.graph). My app is working normally in all environments (teams web, teams desktop, teams android, new and old versions) except for on the iOS teams app.

On iOS the token is being returned as an empty string, which causes 401 errors when calling the graph API. The app is also prompting to login interactively every time the app is loaded, rather than using some cached token. I initially raised this on stack overflow however after more testing I can only think this is some kind of bug with iOS.

Reproduction steps I have stripped out as much code as possible from our application and tested this still occurs, here is the relevant code that should reproduce the issue: https://github.com/QTom01/teamsfxprovider-ios-repro

Expected behavior On iOS I expect to be able to login once to the app and then have it use the cached token to sign in silently when I refresh the app. I expect my graph requests via the provider to use token and succeed, as it does on other platforms.

Screenshots Here it works fine on android: On teams web (old): On teams web (new): On teams desktop (windows, old): On teams desktop (windows, new): We have also run it on mac desktop with no issues.

On iOS however: Note that the token is empty, this is after signing in manually as it fails to sign in silently:

Environment (please complete the following information):

• OS: iOS 17.1.2, also tested on 16.3. Also tested on iPad, 16.3.1
• Browser: N/A
• Framework: React
• Context: Teams iOS app
• Version:
• Provider: TeamsFxProvider, see config in repo

[QTom01]

I added some further logging to my test app that dumps the sessionStorage to the view and I the only thing that is different is that on all environments except iOS I can see an entry called msal.account.keys, however on iOS this is missing. Not sure if this may be relevant but thought I would mention it here.

[sebastienlevert]

Adding @SLdragon from the Teams toolkit team that contributed the TeamsFxProvider. Is this a known issue @SLdragon?

[QTom01]

According to @SLdragon on stackoverflow (https://stackoverflow.com/a/77677966/4690605) this is a known issue somewhere in MSAL.

Are there any plans for this to be resolved? This seems like a major issue with the TeamsFxProvider and makes it unsuitable for our use as we already have customers using a previous version of our app on iOS, so we have had to revert to using the deprecated TeamsMsal2Provider for now which is far from ideal.

[sebastienlevert]

Can you create an issue on the MSAL repo and reference this issue? We won't be able to fix the issue until the underlying library fixes it. I know there is work to get us a better experience, but nothing specific to iOS. In the meantime, the approach to use the ProxyProvider by @SLdragon is not a bad idea as it would use OBO and would provide the same set of features. The difference being that it requires a middleware infrastructure to handle the calls.

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.