Skip to content

An iOS sample in Swift that authenticates Microsoft Account and Azure AD users and calls the Graph API using OAuth 2.0

Notifications You must be signed in to change notification settings

Azure-Samples/ms-identity-mobile-apple-swift-objc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

page_type languages description urlFragment
sample
swift
The MSAL preview library for iOS and macOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Entra ID and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect.
ios-ms-graph-api

MSAL iOS Swift Microsoft Graph API Sample

Build Badge

Getting Started Library API Reference Support

The MSAL library for iOS gives your app the ability to begin using the Microsoft identity platform by supporting Microsoft Entra ID and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. This sample demonstrates all the normal lifecycle your application should experience, including:

  • How to get a token
  • How to refresh a token
  • How to call the Microsoft Graph API
  • How to sign a user out of your application

Scenario

This app is a multi-tenant app meaning it can be used within any Microsoft Entra tenant and also supports signing in with Microsoft Account. It demonstrates how a developer can build apps to connect with enterprise users and access their Azure + O365 data via the Microsoft Graph. During the auth flow, end users will be required to sign in and consent to the permissions of the application, and in some cases may require an admin to consent to the app. The majority of the logic in this sample shows how to auth an end user and make a basic call to the Microsoft Graph.

Topology

How to run this sample

To run this sample, you'll need:

  • Xcode
  • An internet connection

Step 1:

1A: Clone or download this repository

From Terminal:

git clone https://github.com/Azure-Samples/ms-identity-mobile-apple-swift-objc.git

or download and extract the repository.zip file, and navigate to 'MSALiOS.xcworkspace' from the active-directory-ios-swift-native-v2 folder

1B: Installation

Load the podfile using cocoapods. This will create a new XCode Workspace you will load.

From terminal navigate to the directory where the podfile is located

$ pod install
...
$ open MSALiOS.xcworkspace

Step 2: Register your App (Optional)

This app comes pre-configured for testing. If you would like to register your own app, please follow the steps below.

  1. Sign in to the Microsoft Entra Admin Center using either a work or school account.
  2. In the left-hand navigation pane, select the Microsoft Entra ID blade, and then select App registrations.
  3. Click on the New registration button at the top left of the page.
  4. On the app registration page,
    • Name your app
    • Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
    • Click Register to finish.
  5. After the app is created, you'll land on your app management page. Take note of the Application (client) ID as this would be needed for the step 2B below.
  6. Click Authentication, and add new Redirect URI with type Public client (mobile & desktop). Enter redirect URI in format: msauth.<app_bundle_id>://auth. Replace <app_bundle_id> with the Bundle Identifier for your application.
  7. Hit the Save button in the top left, to save these updates.
  8. Click Make this change for me and then download the code sample for iOS

Step 3: Run the sample

  1. Click the Run Button in the top menu or go to Product from the menu tab and click Run.
  2. Once the sample app launches, click on the 'Call Microsoft Graph API' button to go through the sign in flow and see the results from Microsoft Graph.

How to add MSAL library into your existing Xcode project

Step 1: Configure your application Info.plist

Add URI scheme in the Info.plist. Redirect URI scheme follows the format msauth.[app_bundle_id]. Make sure to substitute [app_bundle_id] with the Bundle Identifier for your application.

<key>CFBundleURLTypes</key>
<array>
  <dict>
    <key>CFBundleURLSchemes</key>
    <array>
      <string>msauth.[app_bundle_id]</string>
    </array>
  </dict>
</array>

Step 2: Configure your application defaults

In your app, add the kClientID variable with your Application (client) ID.

// For example, you can declare a client id in this way. Below ID is just a sample.
    	
let kClientID = "66855f8a-60cd-445e-a9bb-8cd8eadbd3fa"

Add variables with your Microsoft Entra authority and Microsoft Graph endpoint for your national cloud.

let kGraphEndpoint = "https://graph.microsoft.com/"
let kAuthority = "https://login.microsoftonline.com/common"

Other endpoints are documented here. For example, to run the sample with Azure Germany, use following:

let kGraphEndpoint = "https://graph.microsoft.de/"
let kAuthority = "https://login.microsoftonline.de/common"

Step 3: Configure Xcode project settings

Add a new keychain group to your project Signing & Capabilities. The keychain group should be com.microsoft.adalcache on iOS.

Xcode UI displaying how the the keychain group should be set up

Feedback, Community Help, and Support

We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.

If you find a bug or have a feature request, please raise the issue on GitHub Issues.

To provide a recommendation, visit our User Voice page.

Contribute

This project has adopted the Microsoft Open Source Code of Conduct.

For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Security Library

This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible. We use semantic versioning so you can control the risk associated with updating your app. As an example, always downloading the latest minor version number (e.g. x.y.x) ensures you get the latest security and feature enhancements but our API surface remains the same. You can always see the latest version and release notes under the Releases tab of GitHub.

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");