How to access a web application which is hosted in Azure MSAL in an Android WebView

We have two applications: one is deployed on the web and secured using MSAL. Now we have made another mobile app, and we want to access that web application in the Android mobile app. After successfully authenticating in the Android mobile app, I launch the web application. It again asks for sign-in.
I tried to pass the MSAL access token in a header to the WebView where the website URL is loading, but nothing changed; it again requested sign-in.
Is there a way I can pass the MSAL Android access token to the web application and access it without another sign-in request?
App is in development
Smartphone (please complete the following information):
- Pixel
- Android 11
- Chrome
- 2.0+
Stacktrace
No Stack trace.
To Reproduce
Log in to the mobile app. Open any web app which is MSAL-secured in a WebView. Pass the access token. Even after being part of SSO, that web app asks for sign-in again.
Hi @HarshitaSingh-MSFT, thank you for looking into the issue. We are able to log in to our application; we are using default as auth_user_agent, and it opens a WebView.
Login through the WebView is not an issue. But after login we open other websites in a WebView inside our application. Those websites should provide the single sign-on experience. We are already logged in to our native application and the other websites load inside the application, so the sign-in page should not appear.
@Agrawal C, Akash , got it. If the application uses a `WebView` strategy without integrating Microsoft Authenticator or Company Portal support into their app, users won't have a single sign-on experience across the device or between native apps and web apps. If the application uses MSAL with a broker like Microsoft Authenticator or Intune Company Portal, then users can have a SSO experience across applications if they have an active sign-in with one of the apps.
Use this approach to provide a SSO experience through the device's browser. MSAL uses a shared cookie jar, which allows other native apps or web apps to achieve SSO on the device by using the persist session cookie set by MSAL. Let me know if this helps you.
Thank you @HarshitaSingh-MSFT, this is what I was looking for. Our app is yet to be deployed in Intune, and we also have to add the Intune SDK. As per the above, once we are able to integrate the Intune SDK we should be able to experience SSO throughout the app.
Yes, let me know if this answers your question or not.
I will post it as an answer, if it does, so that other community members with the same query can benefit.
@HarshitaSingh-MSFT yes, this is the answer to my question. You can post it as an answer.
@Agrawal C, Akash , thank you for reaching out to us. Here is a detailed article How to: Enable cross-app SSO on Android using MSAL about this topic.
Single sign-on (SSO) allows users to only enter their credentials once and have those credentials automatically work across applications. There are two ways for applications using MSAL for Android to achieve SSO:
As you are using the second option, in it, MSAL supports authorization using a `WebView`, or the system browser. The image below shows how it looks using the WebView, or the system browser with CustomTabs or without CustomTabs:

If the application uses a `WebView` strategy without integrating Microsoft Authenticator or Company Portal support into their app, users won't have a single sign-on experience across the device or between native apps and web apps. If the application uses MSAL with a broker like Microsoft Authenticator or Intune Company Portal, then users can have a SSO experience across applications if they have an active sign-in with one of the apps.
Use this approach to provide a SSO experience through the device's browser. MSAL uses a shared cookie jar, which allows other native apps or web apps to achieve SSO on the device by using the persist session cookie set by MSAL.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" and upvote if the information helped you. This will help us and others in the community as well. Also, do share valuable feedback of your experience with us!
@Agrawal C, Akash , do share feedback of your experience with us!
Hi @Agrawal C, Akash ,
Just make sure that you are not using the same access token for two different resources (in our case: native app & web applications), which is not supported. Try to decode the Access_Token that you sent in the header at https://jwt.ms and make sure the `aud` claim contains the **Identifier or application ID of web application**. If you see a different resource in the `aud` claim, then try to get a new access token with the appropriate `aud`. To learn more, refer to https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#what-app-is-a-token-for

Hope this helps.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
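The `aud` check suggested in this answer can also be done offline instead of pasting a token into a website. The following is an added example, not part of the original answer or of MSAL; the application ID, identifier URI, function names and sample tokens are all constructed placeholders.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real token)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()),
                     "constructed-signature"])

def decode_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def audience_matches(claims: dict, app_id: str, app_id_uri: str = "") -> bool:
    """True if aud names the web application by application ID or identifier URI."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    accepted = {v.rstrip("/").lower() for v in (app_id, app_id_uri) if v}
    return any(isinstance(a, str) and a.rstrip("/").lower() in accepted
               for a in audiences)

# Hypothetical registration values for the web application (placeholders).
WEB_APP_ID = "11111111-2222-3333-4444-555555555555"
WEB_APP_URI = "api://11111111-2222-3333-4444-555555555555"

if __name__ == "__main__":
    # Constructed tokens: one issued for another resource, one for the web app.
    other = make_sample_token({"aud": "99999999-8888-7777-6666-555555555555"})
    ours = make_sample_token({"aud": WEB_APP_URI})
    for name, tok in (("other resource", other), ("web app", ours)):
        claims = decode_claims(tok)
        ok = audience_matches(claims, WEB_APP_ID, WEB_APP_URI)
        print(f"{name}: aud={claims['aud']} accepted={ok}")
```

A matching `aud` only helps when the web application accepts bearer tokens at all; a site that authenticates by session cookie ignores the header whatever the token contains.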
Hi @sikumars-msft, the web application is not accepting the token. That web application accepts the cookie jar. Even if we get a new access token, it will not be accepted by the website, as the website only accepts the cookie jar as authentication.