Closed laughinglion closed 3 years ago
Hello and thanks for your question!
Whenever getAccounts() is invoked or any other situation where the MSAL library needs to get existing Microsoft accounts saved on the user's device, it has two ways of doing it (or only one way if you haven't configured it to use a broker redirect). The first is it tries to use the Microsoft account broker, which in most cases is the Authenticator app. If that fails, the fallback (or this is the first and only thing it does if MSAL is not configured to use a broker) is it tries to use the device's OS to natively get a Microsoft account. In iOS, this is usually Safari, but in Android, it uses the AccountManager API. Making that call requires the READ_CONTACTS permission.
I hope that answers your question!
Curiously enough, when I remove the permission, the login system seems to work fine. But I don't know if there will be any problems down the line. Also the documentation suggests that the AccountManager.getAccounts() needs the GET_ACCOUNTS permission and not the READ_CONTACTS permission.
Not a big issue, just wondering why the permission android.permission.READ_CONTACTS is needed.