how to access Web application which is hosted in Azure MSAL in android webview

Agrawal C, Akash 41 Reputation points
2021-06-25T06:53:35.16+00:00

We have two applications: one is deployed on the web and secured using MSAL; now we have made another mobile app and we want to access that web application in the Android mobile app. After successfully authenticating the Android mobile app, I launch the web application. It again asks for sign-in.
I tried to pass the MSAL access token in a header to the WebView where the website URL is loading, but nothing changed; it again requested sign-in.
Is there a way I can pass the MSAL Android access token to the web application and access it without another sign-in request?

App is in development

Smartphone (please complete the following information):

Pixel
Android 11
Chrome
2.0+
Stacktrace
No Stack trace.

To Reproduce
Log in to the mobile app. Open any MSAL-secured web app in a WebView. Pass the access token. Even after being part of SSO, that web app asks to sign in again.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. singhh-msft 2,431 Reputation points
    2021-06-25T16:35:16.62+00:00

    @Agrawal C, Akash, thank you for reaching out to us. Here is a detailed article, How to: Enable cross-app SSO on Android using MSAL, about this topic.

    Single sign-on (SSO) allows users to only enter their credentials once and have those credentials automatically work across applications. There are two ways for applications using MSAL for Android to achieve SSO:

    As you are using the second option: MSAL supports authorization using a WebView or the system browser. The image below shows how it looks using the WebView, or the system browser with CustomTabs or without CustomTabs:

    [image: WebView vs. system browser, with and without CustomTabs]

    If the application uses a WebView strategy without integrating Microsoft Authenticator or Company Portal support into their app, users won't have a single sign-on experience across the device or between native apps and web apps.

    If the application uses MSAL with a broker like Microsoft Authenticator or Intune Company Portal, then users can have an SSO experience across applications if they have an active sign-in with one of the apps.

    Use this approach to provide an SSO experience through the device's browser. MSAL uses a shared cookie jar, which allows other native apps or web apps to achieve SSO on the device by using the persisted session cookie set by MSAL.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" and upvote if the information helped you. This will help us and others in the community as well. Also, do share valuable feedback of your experience with us!


1 additional answer

  1. Siva-kumar-selvaraj 15,546 Reputation points
    2021-06-25T16:08:15.243+00:00

    Hi @Agrawal C, Akash,

    Just make sure that you are not using the same access token for two different resources (in our case: the native app and the web application), which is not supported. Try to decode the access token that you sent in the header at https://jwt.ms and make sure the aud claim contains the **identifier or application ID of the web application**.

    [image: decoded access token showing the aud claim]

    If you see a different resource in the aud claim, then try to get a new access token with the appropriate aud. To learn more, refer to https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#what-app-is-a-token-for

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
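
The aud check described in this answer, as an added example that is not part of the original post: it decodes a JWT payload the way jwt.ms does (without verifying the signature, so it is a debugging aid only, never an authorization check) and tests whether aud names the web application by its client ID or its Application ID URI. The client IDs and the `api://` URI are constructed placeholders.

```python
import base64
import json
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding first.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    Mirrors what https://jwt.ms shows; use it to inspect aud, not to trust a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def token_is_for_web_app(token: str, web_app_client_id: str,
                         web_app_id_uri: Optional[str] = None) -> bool:
    """True if aud names the web app. Entra ID puts either the application
    (client) ID GUID or the Application ID URI (e.g. api://<client-id>) in aud,
    and aud may be a string or a list, so accept both shapes."""
    aud = decode_jwt_claims(token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    accepted = {web_app_client_id}
    if web_app_id_uri:
        accepted.add(web_app_id_uri)
    return any(a in accepted for a in audiences)


def _make_unsigned_token(claims: dict) -> str:
    # Constructed sample token for the demo only; real tokens are signed by Entra ID.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.fake-signature"


WEB_APP_CLIENT_ID = "11111111-1111-1111-1111-111111111111"     # placeholder web app
MOBILE_APP_CLIENT_ID = "22222222-2222-2222-2222-222222222222"  # placeholder mobile app
WEB_APP_ID_URI = f"api://{WEB_APP_CLIENT_ID}"

# Token acquired for the mobile app itself: aud is the wrong resource for the web app.
MOBILE_TOKEN = _make_unsigned_token({"aud": MOBILE_APP_CLIENT_ID, "scp": "User.Read"})
# Token acquired with a scope of the web app: aud names the web app.
WEB_TOKEN = _make_unsigned_token({"aud": WEB_APP_ID_URI, "scp": "access_as_user"})

if __name__ == "__main__":
    for name, tok in (("mobile", MOBILE_TOKEN), ("web", WEB_TOKEN)):
        print(name, decode_jwt_claims(tok)["aud"],
              token_is_for_web_app(tok, WEB_APP_CLIENT_ID, WEB_APP_ID_URI))
```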