
Unable to obtain custom nonce claim from idToken when Microsoft Authenticator is installed on iOS #1724

Open
laideybug opened this issue May 12, 2023 · 6 comments

laideybug commented May 12, 2023

Hi team,

Our API expects a nonce value encoded within the idToken provided by MSAL. I have attempted to pass the nonce to MSAL via the extraQueryParameters property. In this case, the resulting idToken contains the nonce claim only when Microsoft Authenticator is not installed on the device.

Interestingly, this method works on Android even with Microsoft Authenticator installed.

```swift
let webViewParameters = MSALWebviewParameters(authPresentationViewController: viewController)
let parameters = MSALInteractiveTokenParameters(scopes: scopes, webviewParameters: webViewParameters)
parameters.promptType = .selectAccount
parameters.extraQueryParameters = ["nonce": nonce]

applicationContext.acquireToken(with: parameters) { result, error in
    ...
}
```

What is the prescribed way of passing a custom claim to MSAL that will be encoded within the resulting idToken?

@laideybug laideybug changed the title Unable to obtain custom nonce claim from idToken when Microsoft Authenticator is installed on device Unable to obtain custom nonce claim from idToken when Microsoft Authenticator is installed on iOS May 15, 2023
Munzey commented May 15, 2023

We are using https://github.com/AzureAD/microsoft-authentication-library-for-android for our Android application and I can confirm that calling:

```kotlin
singleAccountApp.acquireToken(
    AcquireTokenParameters
        .Builder()
        .withPrompt(SELECT_ACCOUNT)
        .withAuthorizationQueryStringParameters(listOf(SimpleEntry("nonce", nonce)))
        //...
        .build()
)
```

with Microsoft Authenticator installed on the device does encode our nonce in the idToken.

mipetriu (Contributor) commented

Hello @laideybug, I tried the same on my end and can repro the behavior. I will take a further look into the code and then provide an update.

@mipetriu mipetriu self-assigned this May 19, 2023

stale bot commented Jun 18, 2023

This issue has been automatically marked as stale because it has not had recent activity. Please provide additional information if requested. Thank you for your contributions.

@stale stale bot added the stale-issue label Jun 18, 2023
laideybug (Author) commented

Hi @mipetriu 👋 I was just wondering if you had any updates on this?

@stale stale bot removed the stale-issue label Jun 19, 2023

mipetriu commented Jul 7, 2023

Hello @laideybug. Apologies for the late response. The fix for this is needed in the Authenticator app and I've opened a PR in that repository to address it. I estimate the fix will land in August.

laideybug (Author) commented

Thanks for looking at this @mipetriu 🙏 much appreciated 👍
