
B2C Popup on iOS: "My App" Wants to Use "b2clogin.com" to Sign In

After upgrading Microsoft.Identity.Client within Xamarin.Forms from 1.x to 4.x, most things work much the same. However, login to iOS results in a popup that says:

"My App" Wants to Use "b2clogin.com" to Sign In

This allows the app and website to share information about you.

It's OK if the user hits Continue, but it's hardly seamless.

Supposedly it's associated with iOS 12, but that doesn't seem to be the trigger for me. There's a Microsoft article that says this is actually normal, stating:

On iOS, though, the user might have to give consent for the browser to call back the application, which can be annoying.

I found that it's possible to set .WithUseEmbeddedWebView(true) and this hides the URL as well as removing the popup, and this works with Facebook sign in, but Google sign in is a hard no.

There's the potential path of Universal Links instead of URL Schemes and Associated Domains.

Investigating that path, it appears that I simply need to set the URL https://myapp.b2clogin.com/.well-known/apple-app-site-association with the following JSON:

{
  "webcredentials": {
    "apps": [
      "MYTEAMID.com.mycompany.myapp"
    ]
  }
}

Unfortunately, I don't have control of that URL.

Any other ideas?

Lamarth asked Aug 13 '19 07:08



1 Answer

The short answer is -- it can't be done today as this alert pop-up is built into the iOS framework. Any authentication provider, library, etc. will trigger this alert if they use the ASWebAuthentication API in iOS.

You can choose to use different embedded-browser pop-up APIs which do not cause this alert; however, they will have sandboxed cookies and the user may not experience SSO. There is an MSAL docs page which discusses this in a bit more detail:

https://learn.microsoft.com/en-us/azure/active-directory/develop/customize-webviews

Razi answered Nov 02 '22 18:11
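
Added example (not code from the question, the answer, or the MSAL docs): one way to wire the trade-off above in MSAL.NET 4.x. It goes slightly beyond the answer by trying the token cache first, so the interactive step, and with the system browser the iOS alert, is reached only when a cached token cannot be used. The client ID, tenant, policy name, scope and the useEmbedded flag are placeholders.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class B2CSignIn
{
    // Placeholders: substitute your own app registration, tenant and policy.
    const string ClientId  = "00000000-0000-0000-0000-000000000000";
    const string Authority =
        "https://myapp.b2clogin.com/tfp/myapp.onmicrosoft.com/B2C_1_signin";
    static readonly string[] Scopes = { "https://myapp.onmicrosoft.com/api/read" };

    static readonly IPublicClientApplication Pca = PublicClientApplicationBuilder
        .Create(ClientId)
        .WithB2CAuthority(Authority)
        .WithRedirectUri($"msal{ClientId}://auth")
        .Build();

    // parentWindow: the current UIViewController on iOS.
    // useEmbedded == false: system browser. iOS shows the "Wants to Use ...
    //   to Sign In" alert, cookies are shared, so SSO can work.
    // useEmbedded == true: embedded web view. No alert, but cookies are
    //   sandboxed (no SSO) and, per the question, Google sign-in fails.
    public static async Task<AuthenticationResult> SignInAsync(
        object parentWindow, bool useEmbedded)
    {
        // 1. Silent path: no browser and no alert when a cached token works.
        var account = (await Pca.GetAccountsAsync()).FirstOrDefault();
        if (account != null)
        {
            try
            {
                return await Pca.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Cached token unusable; fall through to interactive sign-in.
            }
        }

        // 2. Interactive path: the web view choice decides whether the
        //    iOS alert appears.
        return await Pca.AcquireTokenInteractive(Scopes)
            .WithParentActivityOrWindow(parentWindow)
            .WithUseEmbeddedWebView(useEmbedded)
            .ExecuteAsync();
    }
}
```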