Unable to obtain custom nonce claim from idToken when Microsoft Authenticator is installed on iOS #1724
Comments
We are using https://github.com/AzureAD/microsoft-authentication-library-for-android for our Android application and I can confirm that calling:

```kotlin
singleAccountApp.acquireToken(
    AcquireTokenParameters
        .Builder()
        .withPrompt(SELECT_ACCOUNT)
        .withAuthorizationQueryStringParameters(listOf(SimpleEntry("nonce", nonce)))
        //...
)
```

with the Microsoft Authenticator installed on device does encode our nonce in the idToken.
Hello @laideybug, I tried the same on my end and can repro the behavior. I will take a further look into the code and then provide an update.
This issue has been automatically marked as stale because it has not had recent activity. Please provide additional information if requested. Thank you for your contributions.
Hi @mipetriu 👋 I was just wondering if you had any updates on this?
Hello @laideybug. Apologies for the late response. The fix for this is needed in the Authenticator app and I've opened a PR in that repository to address it. I estimate the fix will land in August.
Thanks for looking at this @mipetriu 🙏 much appreciated 👍
Hi team,

Our API expects a nonce value encoded within the `idToken` provided by MSAL. I have attempted to pass the nonce to MSAL via the `extraQueryParameters` property. In this case, the resulting `idToken` contains the nonce claim only when Microsoft Authenticator is not installed on the device.

Interestingly, this method works on Android even with Microsoft Authenticator installed.

What is the prescribed way of passing a custom claim to MSAL that will be encoded within the resulting `idToken`?
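Added example, not part of the original thread and not MSAL or project code: a sketch of the API-side check the issue depends on, which fails closed when the `nonce` claim is absent (the behaviour reported with Microsoft Authenticator installed) or does not match. The function names and the sample tokens are assumptions constructed for illustration; signature, issuer and audience validation are assumed to happen elsewhere and are not shown.

```python
import base64
import hmac
import json


class NonceError(Exception):
    """Raised when the ID token's nonce claim is missing or does not match."""


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(id_token: str) -> dict:
    """Decode the payload of a compact JWT. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise NonceError("not a compact JWS (expected 3 segments)")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decode errors
        raise NonceError("payload is not valid base64url JSON") from exc
    if not isinstance(claims, dict):
        raise NonceError("payload is not a JSON object")
    return claims


def check_nonce(id_token: str, expected_nonce: str) -> None:
    """Fail closed if the nonce is absent or differs from the one we issued."""
    nonce = read_claims(id_token).get("nonce")
    if not isinstance(nonce, str):
        raise NonceError("nonce claim missing from idToken")
    # Constant-time comparison of the returned nonce with the issued one.
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        raise NonceError("nonce mismatch")


def constructed_token(claims: dict) -> str:
    # Builds an UNSIGNED sample token for this example; not a real ID token.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    check_nonce(constructed_token({"sub": "u1", "nonce": "n-123"}), "n-123")
    print("nonce present and matching: accepted")
```

Treating a missing claim as a hard failure, rather than skipping the comparison, is what surfaces the broker-path behaviour described in this issue instead of silently accepting tokens without replay protection.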