[Bug] MSAL .NET versions < 4.5.0 do not support system browser on iOS 13
Edit to original post
If you are using the system browser with iOS 13, please update to MSAL.NET 4.5.0, which uses the required presentation context when authenticating on system browser with iOS 13.
If you are not using 4.5.0+, you will run into the issue listed below:
Starting with iOS 13, when authenticating using the system browser, MSAL .NET is required to provide a presentation context when using ASWebAuthenticationSession. Apple added multi-window support, and therefore they need to specifically know where to present the context (this is a breaking change).
In iOS 12, the AuthenticationSession API was iOS only and apps drew into a single window. However, now, with iPadOS and macOS support, MSAL .NET will need to give the session a presentationContextProvider, and that presentationContextProvider will provide a window via the PresentationAnchor method.
Customer impact
Your app is impacted if all of the below are true:
- You have a Xamarin iOS App, and
- You are targeting iOS 13+, and
- You use system browser (default in MSAL .NET) for interactive authentication
- You are using a version lower than 4.5.0 of MSAL .NET
Workaround
- Update to MSAL.NET 4.5.0, or higher, which includes the necessary fixes for handling the presentation context on iOS 13.
Or,
- Use the embedded webview. Please see the documentation on enabling the embedded webview on Xamarin iOS
Example:
    // Force the embedded webview instead of the system browser.
    AuthenticationResult authResult;
    authResult = await app.AcquireTokenInteractive(scopes)
        .WithUseEmbeddedWebView(true)
        .ExecuteAsync();
Notable Concerns Regarding the Workaround to Use the Embedded Webview
- Caution when targeting B2C using embedded webview and Google auth
- Loss of SSO: The great benefit of the system browser, and the reason why it is used by default in MSAL .NET, is the sharing of the SSO state with other applications and with web applications without needing a broker. More information provided here on SSO and the system browser
========
Original Post
Which Version of MSAL are you using? MSAL 4.4.0 (also occurs in 4.3.1)
Platform Xamarin iOS
What authentication flow has the issue?
- Desktop / Mobile
  - [X] Interactive
  - Integrated Windows Auth
  - Username Password
  - Device code flow (browserless)
- Web App
  - Authorization code
  - OBO
- Web API
  - OBO
Other? - please describe;
Is this a new or existing app? The app is in production, and works fine on physical iOS devices (on both iOS 12.x and 13.0). I have upgraded my iPhone emulator to iOS 13, and that is where the issue occurs. Everything still works fine in iOS 12.2 on the emulator.
Repro
    AuthenticationResult ar = await App.PCA.AcquireTokenInteractive(App.Scopes)
        .WithAccount(Utils.GetAccountByPolicy(accounts, App.PolicySignUpSignIn))
        .WithParentActivityOrWindow(App.ParentActivityOrWindow)
        .ExecuteAsync();
Expected behavior Authentication process initiates
Actual behavior Immediately returns “authentication_canceled”
Possible Solution
Additional context/ Logs / Screenshots
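One way to limit the embedded-webview workaround to the combination listed under "Customer impact", so the system browser and its SSO state are used everywhere else and return automatically once the package is updated. This is an added example, not code from the issue or from MSAL .NET; `SignInHelper`, its members and the `parentWindow` parameter are hypothetical names, and it assumes the MSAL assembly version matches the NuGet package version.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using UIKit;

// Added example: SignInHelper and its members are hypothetical names.
public static class SignInHelper
{
    // First MSAL.NET release that supplies the presentation context on iOS 13,
    // as stated in this issue.
    private static readonly Version FixedMsalVersion = new Version(4, 5, 0);

    // True only when the app runs on iOS 13+ AND the loaded MSAL.NET
    // assembly is older than 4.5.0 (assumption: assembly version tracks
    // the package version, e.g. 4.4.0.0 for package 4.4.0).
    public static bool NeedsEmbeddedWebViewFallback()
    {
        Version loaded = typeof(PublicClientApplication).Assembly.GetName().Version;
        bool affectedMsal = loaded < FixedMsalVersion;
        bool affectedOs = UIDevice.CurrentDevice.CheckSystemVersion(13, 0);
        return affectedMsal && affectedOs;
    }

    public static async Task<AuthenticationResult> SignInAsync(
        IPublicClientApplication app,
        IEnumerable<string> scopes,
        object parentWindow)
    {
        // Embedded webview only where the system browser is known to fail;
        // otherwise keep the MSAL default so SSO state is still shared.
        bool useEmbedded = NeedsEmbeddedWebViewFallback();

        return await app.AcquireTokenInteractive(scopes)
            .WithParentActivityOrWindow(parentWindow)
            .WithUseEmbeddedWebView(useEmbedded)
            .ExecuteAsync();
    }
}
```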
Top GitHub Comments
@mtanml thanks, that is the correct xamarin.ios for xcode11, we will try to reproduce it in the xamarin-ios side to try and get to the bottom of the issue.
Please note that using an Embedded Web View instead of the System Browser leads to a poorer experience in terms of SSO - i.e. the system browser will remember the account used to sign in across different applications and end-users do not need to retype their password. The embedded browser does not do this as far as I remember.
Also, note @ChristopherSt-Pierre’s observation - B2C configured with Google provider is prevented from working from the embedded browser.
Because of these reasons, we have consciously chosen to make the system browser the default option in MSAL.
I’d recommend logging in a few times with the embedded browser and seeing if the experience is good enough. Consider keeping the system browser on Android until we have a solution for this.