Edit

Migrate Android applications that use a broker from ADAL.NET to MSAL.NET

  • Article

If you have a Xamarin Android app currently using the Azure Active Directory Authentication Library for .NET (ADAL.NET) and an authentication broker, it's time to migrate to the Microsoft Authentication Library for .NET (MSAL.NET).

Prerequisites

Step 1: Enable the broker

Current ADAL code:MSAL counterpart:
In ADAL.NET, broker support is enabled on a per-authentication context basis.

To call the broker, you had to set a useBroker to true in the PlatformParameters constructor:

public PlatformParameters(
        Activity callerActivity,
        bool useBroker)

In the platform-specific page renderer code for Android, you set the useBroker flag to true:

page.BrokerParameters = new PlatformParameters(
        this,
        true,
        PromptBehavior.SelectAccount);

Then, include the parameters in the acquire token call:

AuthenticationResult result =
        await
            AuthContext.AcquireTokenAsync(
                Resource,
                ClientId,
                new Uri(RedirectURI),
                platformParameters)
                .ConfigureAwait(false);
In MSAL.NET, broker support is enabled on a per-PublicClientApplication basis.

Use the WithBroker() parameter (which is set to true by default) to call broker:

var app = PublicClientApplicationBuilder
                .Create(ClientId)
                .WithBroker()
                .WithRedirectUri(redirectUriOnAndroid)
                .Build();

Then, in the AcquireToken call:

result = await app.AcquireTokenInteractive(scopes)
             .WithParentActivityOrWindow(App.RootViewController)
             .ExecuteAsync();

Step 2: Set an Activity

In ADAL.NET, you passed in an activity (usually the MainActivity) as part of the PlatformParameters as shown in Step 1: Enable the broker.

MSAL.NET also uses an activity, but it's not required in regular Android usage without a broker. To use the broker, set the activity to send and receive responses from broker.

Current ADAL code:MSAL counterpart:
The activity is passed into the PlatformParameters in the Android-specific platform. 
page.BrokerParameters = new PlatformParameters(
          this,
          true,
          PromptBehavior.SelectAccount);

In MSAL.NET, do two things to set the activity for Android:

  1. In MainActivity.cs, set the App.RootViewController to the MainActivity to ensure there's an activity with the call to the broker.

    If it's not set correctly, you may get this error: "Activity_required_for_android_broker":"Activity is null, so MSAL.NET cannot invoke the Android broker. See https://aka.ms/Brokered-Authentication-for-Android"

  2. On the AcquireTokenInteractive call, use the .WithParentActivityOrWindow(App.RootViewController) and pass in the reference to the activity you will use. This example will use the MainActivity.

For example:

In App.cs:

   public static object RootViewController { get; set; }

In MainActivity.cs:

   LoadApplication(new App());
   App.RootViewController = this;

In the AcquireToken call:

result = await app.AcquireTokenInteractive(scopes)
             .WithParentActivityOrWindow(App.RootViewController)
             .ExecuteAsync();

Next steps

For more information about Android-specific considerations when using MSAL.NET with Xamarin, see Configuration requirements and troubleshooting tips for Xamarin Android with MSAL.NET.