|
| 1 | +--- |
| 2 | +title: Troubleshooting repeated login prompts in iOS MSAL implementation |
| 3 | +description: Provides guidance for troubleshooting repeated login prompts in iOS MSAL implementation |
| 4 | +ms.date: 03/19/2025 |
| 5 | +ms.author: bachoang |
| 6 | +ms.service: entra-id |
| 7 | +ms.custom: sap:Microsoft Entra App Integration and Development |
| 8 | +--- |
| 9 | + |
| 10 | +# Troubleshooting repeated login prompts in iOS MSAL implementation |
| 11 | + |
| 12 | +This article provides guidance for troubleshooting repeated login prompts in an iOS app that uses Microsoft Authentication Library (MSAL). |
| 13 | + |
| 14 | +## Symptoms |
| 15 | + |
| 16 | +You integrate mobile authentication in your iOS app by using the Microsoft Authentication Library (MSAL) SDK. This is done by following the [official tutorial](/azure/active-directory/develop/tutorial-v2-ios). The user is unexpectedly prompted to log in multiple times after the initial login. |
| 17 | + |
| 18 | +## Cause |
| 19 | + |
| 20 | +This issue is typically caused by MSAL web browser configurations that do not allow cookie sharing. |
| 21 | + |
| 22 | +The tutorial uses the MSAL to implement authentication. MSAL SDK library facilitates authentication by renewing tokens automatically. It also enables single sign-on (SSO) between other apps on the device and manages user accounts. |
| 23 | + |
| 24 | +For SSO to function correctly, tokens must be shared between apps. This requires a token cache or a broker application, such as Microsoft Authenticator for iOS. Interactive authentication in MSAL requires a web browser. On iOS, MSAL uses the system web browser by default for interactive authentication. This default setup supports SSO state sharing between the apps. |
| 25 | + |
| 26 | +However, if you customize the browser configuration for authentication, such as by using one of the following options, cookie sharing might not be enabled by default: |
| 27 | + |
| 28 | +| **For iOS only** | **For iOS and macOS** | |
| 29 | +| --- | --- | |
| 30 | +| [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession?language=objc) <br> [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession?language=objc) <br> [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller?language=objc) | [WKWebView](https://developer.apple.com/documentation/webkit/wkwebview?language=objc) | |
| 31 | + |
| 32 | +To customize the browser, you must allow cookie sharing to prevent repeated login prompts. |
| 33 | + |
| 34 | +## Resolution |
| 35 | + |
| 36 | +To enable cookie sharing and prevent repeated login prompts, use one of the following configurations: |
| 37 | + |
| 38 | +- **ASWebAuthenticationSession in MSAL** + **openURL in Safari browser** (the full Safari browser, not SafariViewController). |
| 39 | +- **SFSafariViewController in MSAL** + **SFSafariViewController in your app**. |
| 40 | +- **WKWebView in MSAL** + **WKWebView in your app**. |
| 41 | + |
| 42 | +For more information, see [Customizing webviews and browsers](/azure/active-directory/develop/customize-webviews). |
| 43 | + |
| 44 | +> [!Note] |
| 45 | +> For Xamarin.iOS, several additional factors need to be considered, including enabling token caching and using Microsoft Authenticator. For more information, see [Xamarin.iOS MSAL considerations](/azure/active-directory/develop/msal-net-xamarin-ios-considerations). |
| 46 | +
|
| 47 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
| 48 | + |
| 49 | + |
0 commit comments