Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] usage of WithIosKeychainSecurityGroup

See original GitHub issue

Logs and Network traces No relevant errors found in logs.

Which Version of MSAL are you using ?

MSAL 2.6.2

Platform

xamarin iOS

What authentication flow has the issue?

Desktop / Mobile
- Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)
Web App
- Authorization code
- OBO
Daemon App
- Service to Service calls

Mobile: Username/Password

Other? - please describe;

Is this a new or existing app?

The app is in production. Trying to add MSAL for login using Azure and Facebook.

Repro

//Login
            AuthenticationClient = PublicClientApplicationBuilder.Create(Constants.ClientId)
            .WithIosKeychainSecurityGroup(Constants.IosKeychainSecurityGroups)
            //.WithIosKeychainSecurityGroup("*")
            .WithB2CAuthority(Constants.AuthoritySignin)
            .WithRedirectUri($"msal{Constants.ClientId}://auth")
            //.WithRedirectUri($"https://jwt.ms")
            .Build();

Expected behavior Login using Azure AD or Facebook works as expected.

Actual behavior Login only works in DEV when using .WithIosKeychainSecurityGroup(“*”). This does not work when deployed to the app store. If changed to .WithIosKeychainSecurityGroup(“com.microsoft.adalcache”) or with my identifier, error occurs:

The application does not have keychain access enabled in Entitlements =.plist.

Possible Solution

.WithIosKeychainSecurityGroup(“*”).

Additional context/ Logs / Screenshots Add any other context about the problem here, such as logs and screebshots.

Issue Analytics

State:
Created 2 years ago
Comments:18 (4 by maintainers)

Top GitHub Comments

1reaction

Pabby24commented, May 24, 2021

I was able to get it to work over the weekend and deploy to the store and working in testflight. I kept the wildcard * to pass into iosKeychainSecurityGroup and changed a couple of things:

1 - Added * as a keychain access group in Entitlements file 2 - Changed Bundle signing in project properties to Manual Provisioning instead of Auto

I think #2 may have fixed it as I tried debugging in Release Configuration and noticed VS studio was still using the DEV Provisioning Profile in Release Config.

Hope this helps anyone else with the issue and thanks for the responses!

0reactions

bgavrilMScommented, May 24, 2021

Thanks for the update @Pabby24 . If it’s any consolation, each member of our team also spends a min of 2 days until they get the Apple config working 😃

Top Results From Across the Web

Considerations for using Xamarin iOS with MSAL.NET

When you use the WithIosKeychainSecurityGroup() API, ... If you get an error message similar to "The application cannot access the iOS ...

maui - The keychain access group is not enabled

I have a .Net MAUI app. It authenticates users with MSAL. On iOS, authentication on line AuthenticationResult authResult = await ...

Authenticate your Xamarin applications using ...

This application id will be used to identify and authorize your Xamarin application, which is mandatory to authenticate the users using their ...

[Resolve]-Ios Msal Cannot access keychain group error

I am working on Xamarin app that uses MSAL library to authenticate to Web API that is secured by Azure AD. When I...

Adalcache login keychain password - Erohana

You can set the keychain access group when you create your application by using the WithIosKeychainSecurityGroup() API. To benefit from the cache and...