Tutorial: Prepare your iOS app for native authentication
This tutorial demonstrates how to add Microsoft Authentication Library (MSAL) native authentication SDK framework to your iOS Swift app.
In this tutorial, you learn how to:
- Add the MSAL framework to an iOS app.
- Create SDK instance.
Prerequisites
- Xcode
- If you haven't already, follow the instructions in Sign in users in sample iOS (Swift) mobile app by using native authentication and register an app in your external tenant. Make sure you complete the following steps:
- Register an application.
- Enable public client and native authentication flows.
- Grant API permissions.
- Create a user flow.
- Associate the app with the user flow.
- iOS project
Add the MSAL framework to an iOS app
- Open your iOS project in Xcode.
- Select Add Package Dependencies... from the File menu.
- Enter
https://github.com/AzureAD/microsoft-authentication-library-for-objcas the Package URL and choose Add Package
For more information and other mechanisms to add MSAL to your project, see the project Readme file.
Create SDK instance
Import the MSAL library into your view controller by adding
import MSALat the top of yourViewControllerclass.Add a
nativeAuthmember variable to yourViewControllerclass by adding the following code just before theviewDidLoad()function:var nativeAuth: MSALNativeAuthPublicClientApplication!Next, add the following code to the
viewDidLoad()function:do { nativeAuth = try MSALNativeAuthPublicClientApplication( clientId: "Enter_the_Application_Id_Here", tenantSubdomain: "Enter_the_Tenant_Subdomain_Here", challengeTypes: [.OOB] ) print("Initialized Native Auth successfully.") } catch { print("Unable to initialize MSAL \(error)") }Replace the following values with the values from the Microsoft Entra admin center:
- Find the
Enter_the_Application_Id_Herevalue and replace it with the Application (client) ID of the app you registered earlier. - Find the
Enter_the_Tenant_Subdomain_Hereand replace it with the Directory (tenant) subdomain. For example, if your tenant primary domain iscontoso.onmicrosoft.com, usecontoso. If you don't have your Directory (tenant) subdomain, learn how to read your tenant details.
- Find the
To build, select the Product > Build in your project’s toolbar.
Optional: Logging configuration
MSAL provides a logging API that you can use to enable and configure logging. To see all debug output from MSAL add the following code at the start of the viewDidLoad() function:
MSALGlobalConfig.loggerConfig.logLevel = .verbose
MSALGlobalConfig.loggerConfig.setLogCallback { logLevel, message, containsPII in
if !containsPII {
print("MSAL: \(message ?? "")")
}
}
This outputs all debug logs from MSAL, which can be helpful in diagnosing issues and learning how the native authentication flows work. To learn more about configuring log levels and best practices see Logging in MSAL for iOS/macOS.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for