Inspired by Steven Thewissen’s excellent MSAL article, I thought I would share what I have learned about MSAL over the 3+ years I have worked with MSAL and Xamarin. If you’re just getting started, be sure to read Steven’s article, he does a great job covering how to use the tools. This article is a collection of my personal learnings and experience using MSAL in my apps.
Without further ado, here are 6 tips/tricks/facts about MSAL, AAD B2C and Xamarin:
- TIP: Careful with package upgrades!
- I cannot emphasize enough how important this is. Check out the older packages on NuGet: https://www.nuget.org/packages/Microsoft.Identity.Client/ . The library was in preview for nearly 3 years, and I went through the pain of dealing with API changes and behaviour changes. Read the change log carefully!
- FACT: You cannot change the Android webview title from “Sign In” without a custom MSAL build.
- TRICK: Use a JWT parser to check your token expiry. If the token is expired, you can proactively refresh it and avoid a wasted round trip to your API.
- System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ReadJwtToken(string token) (an instance method; the returned JwtSecurityToken exposes the expiry as ValidTo)
- NOTE: do not parse the token for any other purpose https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/do-not#do-not
- TIP: Android devices with older system browsers may have issues loading the sign-in web view.
- See compatibility chart here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Android-system-browser
- TRICK: Careful with exceptions
- MSAL throws an exception when the user cancels the sign-in; you will likely want to swallow that one rather than surface it as an error.
- There are other specific exceptions you will want to gracefully handle: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions?tabs=dotnet
- TIP: You don’t need your own code to save tokens to secure storage, MSAL does this for you!
- iOS source: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/512d74e972bd4bbee02d7653aa4f2205c860c8cb/src/client/Microsoft.Identity.Client/Platforms/iOS/iOSTokenCacheAccessor.cs
- Android source: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/512d74e972bd4bbee02d7653aa4f2205c860c8cb/src/client/Microsoft.Identity.Client/Platforms/Android/AndroidTokenCacheAccessor.cs
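The expiry check and the exception handling from the tips above, written out as an added example (my code, not from the original post or from MSAL itself). It assumes the caller has already built the IPublicClientApplication and kept the access token string from the previous AuthenticationResult:

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
public static class TokenHelper
{
    // Treat a token as stale a little early so a request sent right now does
    // not reach the API with an already-expired token.
    static readonly TimeSpan ClockSkew = TimeSpan.FromMinutes(5);
    // Reads only the 'exp' claim (JwtSecurityToken.ValidTo); the token is not
    // validated or interpreted on the client beyond that, per the MSAL "do not" wiki.
    public static bool IsExpiringSoon(string accessToken, DateTime? nowUtc = null)
    {
        var handler = new JwtSecurityTokenHandler();
        if (string.IsNullOrEmpty(accessToken) || !handler.CanReadToken(accessToken))
            return true; // unreadable or opaque token: let MSAL decide
        JwtSecurityToken jwt = handler.ReadJwtToken(accessToken);
        return jwt.ValidTo <= (nowUtc ?? DateTime.UtcNow).Add(ClockSkew);
    }
    // Returns null when the user cancels the interactive sign-in.
    public static async Task<AuthenticationResult> GetTokenAsync(
        IPublicClientApplication pca, string[] scopes, string cachedAccessToken, object parentWindow)
    {
        var account = (await pca.GetAccountsAsync()).FirstOrDefault();
        try
        {
            // AcquireTokenSilent uses the refresh token when needed; ForceRefresh is
            // only set when the parsed 'exp' says the cached access token is stale.
            return await pca.AcquireTokenSilent(scopes, account)
                .WithForceRefresh(IsExpiringSoon(cachedAccessToken))
                .ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No account, empty cache, or refresh token revoked/expired: go interactive.
        }
        try
        {
            return await pca.AcquireTokenInteractive(scopes)
                .WithParentActivityOrWindow(parentWindow)
                .ExecuteAsync();
        }
        catch (MsalClientException ex) when (ex.ErrorCode == MsalError.AuthenticationCanceledError)
        {
            return null; // user backed out of the sign-in page
        }
    }
}
```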
My Implementation
This is roughly what I have used in my last few projects; it is not exact, as I generally use dependency injection and a few other bits. For simplicity's sake this is a self-contained sample implementation. I would advise using Lazy<T> for IPublicClientApplication at the very least in a real-life application.
Note: The Secrets class is generated by Dan Siegel's excellent mobile build tools.
Your thoughts?
Please let me know your thoughts, tweet at me @dylbot9000. Happy to hear good/bad/ugly/criticisms/suggestions.
Hi, very nice article. I have implemented the B2C login with Xamarin Forms but am facing a problem with the nav bar / toolbar. How can we change the navigation bar / toolbar for the B2C login? You have mentioned a custom build; what does that mean? Is there any other way to achieve it? Thanks for the reply.
The perfect article. Very succinct. I believe I'm also joining the bandwagon of people who'd want to get rid of the black bar on Android that says Sign In on an embedded web view and the Cancel / Done buttons on iOS. The purpose is to give the user the feel that this is part of the same application.
Could you please guide? Thanks in advance.