7

We are using https://github.com/AzureAD/azure-activedirectory-library-for-objc to enable Azure AD login for our native iOS app.

We have a webpage (javascript) which also uses ADAL.js to enable Azure AD login (same AD) for SSO.

Now, suppose a user is already logged in to the iOS app and then the user clicks on a the webpage link from within the iOS app, then the webpage opens in Safari but the user is asked to enter his credentials again instead of using the iOS app session.

How can SSO be enforced between native iOS app and webpage in browser?

If iOS app is able to pass the id_token to the webpage as a url parameter, how can we validate and use the same session from the webpage (javascript)?

Any help is greatly appreciated.

Thanks.

Avinash Sonee
  • 1,701
  • 2
  • 15
  • 17
  • You cannot pass the token because the web page is a different application. You should be able to use [brokered authentication](https://learn.microsoft.com/en-au/azure/active-directory/develop/howto-v1-enable-sso-ios) to make use of SSO via the Microsoft Authenticator app – Paulw11 Aug 24 '18 at 12:29
  • Thank you. Even though the webpage is a different application, we'll use the same appId/clientId across both iOS native app and the webpage. – Avinash Sonee Aug 25 '18 at 07:57
  • Although I didn't use ADAL, the problem you describe seems to be due to idp cookie being transient cookie instead of persistent cookie. Maybe tries finding ways to make ADAL using persistent cookie? – Ng Sek Long Sep 03 '18 at 01:34
  • If it is a new website your developping you should use MSAL instead of ADAL. It is the most up-to-date library from Microsoft. It is a preview but suitable for production. https://github.com/AzureAD/microsoft-authentication-library-for-js – bN_ Dec 19 '18 at 15:36
  • Looking for a simillary solution on both Android and iOS. However, i have not found any documentation or solution that can share cookies/accessToken/id_token between Native and browser ever with the new MSAL libarary. – hirenhcm May 17 '20 at 08:06
  • Something worth looking into... Will try from my end and update here - https://blogs.aaddevsup.xyz/2019/11/why-am-i-getting-a-login-request-after-initial-login-using-ios-msal/ – hirenhcm May 17 '20 at 08:21

0 Answers0