SSO in iOS with Safari browser

Thushara Manchanayake 1 Reputation point
2021-04-21T12:58:15.147+00:00

Hi,

We have web and mobile clients set up with Azure B2C. When we tested SSO on an Android device with the Chrome browser, it works perfectly. It doesn't ask for credentials in the mobile app when we have logged in to the web app. But when we tested the same on an iOS device with the default Safari browser, it asks for credentials again. Could someone please guide me to get it working on an iOS device too?

Thanks,
Thushara Manchanayake.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

3 answers

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-04-22T00:03:53.4+00:00

    There are some known issues with Azure AD's Safari compatibility, but the product team has previously stated that the problem is on the Apple product side. The last I heard about this issue, the status is that the Apple team and Microsoft's PG team are working on it, but there is nothing that the Microsoft development team can do because there is nothing wrong on Microsoft's side. The issue is that Apple is not properly sending cookies to the login.microsoftonline server because of some privacy and security updates.

    There is a workaround in this blog post that may help.

    In the meantime, I will check back with the product team to see if there has been an update around this problem as the original issue was quite old and I'm not sure if your issue is the same (though it does sound similar given your description of the redirection).


  2. Thushara Manchanayake 1 Reputation point
    2021-04-22T10:21:13.903+00:00

    Hi,

    Thank you for the quick reply.

    We are not using ASP.NET Core to set up OIDC, and we are not having a login redirection loop.

    Basically, we have an Angular client application and a mobile client application, which use the same Azure B2C tenant to log in. Those two different clients have two different client IDs.

    The Angular client uses the MSAL-Angular package to log in via Azure B2C.

    The mobile application redirects to https://{tenantId}.b2clogin.com/{tenantId}.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?redirect_uri={mobile-application-scheme}%3A%2F%2Foauth%2Fredirect&client_id={clientId}&response_type=code&state=WKlrRSK5bKGkaxPqOw0Awg&scope=995d4839-c454-48c2-bb07-345af183163f%20openid%20offline_access%20profile&code_challenge={code_challenge}&code_challenge_method=S256 to log in and get the auth code.

    The problem that we are having is that on an iOS device, while the user is logged into the Angular client in the Safari browser, when that user tries to log into the iOS application via the same B2C login in the Safari browser, it asks for credentials again. When we executed the same steps on Android with the Chrome browser, it doesn't ask for credentials and redirects to the mobile app with the token. It seems like the B2C browser session is not shared between apps in Safari.

    I hope this explains the problem that we are having.

    Thanks
    --Thushara--


  3. Azam Fahmy 1 Reputation point
    2022-06-07T04:01:29.697+00:00

    We had a similar issue with a ReactJS App. We overcame it by opting to use a redirect flow over a pop-up flow. This way the browser session is not lost as with a pop-up. This only requires a small configuration change in your app's Microsoft Login Agent.

    msalInstance.loginRedirect()
