---
title: Enable iOS Swift mobile application options by using Azure Active Directory B2C
description: This article discusses several ways to enable iOS Swift mobile application options by using Azure Active Directory B2C.
author: kengaderdus
manager: CelesteDG
ms.service: azure-active-directory
ms.topic: how-to
ms.date: 01/11/2024
ms.author: kengaderdus
ms.subservice: b2c
ms.custom:
  - b2c-support
  - sfi-image-nochange
---

# Enable authentication options in an iOS Swift app by using Azure AD B2C

[!INCLUDE active-directory-b2c-end-of-sale-notice-b]

This article describes ways you can enable, customize, and enhance the Azure Active Directory B2C (Azure AD B2C) authentication experience for your iOS Swift application.

Before you start, familiarize yourself with the following articles:

[!INCLUDE active-directory-b2c-app-integration-custom-domain]

To use a custom domain and your tenant ID in the authentication URL, do the following:

  1. Follow the guidance in Enable custom domains.
  2. Update the kAuthorityHostName class member with your custom domain.
  3. Update the kTenantName class member with your tenant ID.

The following Swift code shows the app settings before the change:

```swift
let kTenantName = "contoso.onmicrosoft.com"
let kAuthorityHostName = "contoso.b2clogin.com"
```

The following Swift code shows the app settings after the change:

```swift
let kTenantName = "00000000-0000-0000-0000-000000000000"
let kAuthorityHostName = "login.contoso.com"
```
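An added example, not from the article, of how the two settings above feed into MSAL: it builds the authority URL from kAuthorityHostName and kTenantName and registers it as a known authority, which MSAL needs in order to trust a B2C custom domain that it cannot validate through discovery. kPolicyName, kClientID and kRedirectUri are placeholder constants assumed for this example.

```swift
import Foundation
import MSAL

// Added example (not from the article). Composes the B2C authority from the app
// settings after the custom-domain change and marks it as a known authority.
let kTenantName = "00000000-0000-0000-0000-000000000000"   // tenant ID, as above
let kAuthorityHostName = "login.contoso.com"               // custom domain, as above
let kPolicyName = "B2C_1_signupsignin"                     // assumed policy name
let kClientID = "11111111-1111-1111-1111-111111111111"     // assumed application (client) ID
let kRedirectUri = "msauth.com.contoso.app://auth"         // assumed redirect URI

enum AuthorityError: Error { case invalidComponents }

/// Builds https://<host>/<tenant>/<policy> and wraps it as an MSAL B2C authority.
func makeB2CAuthority(host: String, tenant: String, policy: String) throws -> MSALB2CAuthority {
    var components = URLComponents()
    components.scheme = "https"            // an authority must never be plain http
    components.host = host
    components.path = "/\(tenant)/\(policy)"
    guard let url = components.url else { throw AuthorityError.invalidComponents }
    return try MSALB2CAuthority(url: url)
}

/// Creates the MSAL application with the custom-domain authority listed as known.
/// MSAL skips authority validation for known authorities; a B2C custom domain cannot
/// pass discovery-based validation, so list exactly the authorities you control.
func makeApplication() throws -> MSALPublicClientApplication {
    let authority = try makeB2CAuthority(host: kAuthorityHostName,
                                         tenant: kTenantName,
                                         policy: kPolicyName)
    let config = MSALPublicClientApplicationConfig(clientId: kClientID,
                                                   redirectUri: kRedirectUri,
                                                   authority: authority)
    config.knownAuthorities = [authority]
    return try MSALPublicClientApplication(configuration: config)
}
```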

[!INCLUDE active-directory-b2c-app-integration-login-hint]

  1. If you're using a custom policy, add the required input claim, as described in Set up direct sign-in.
  2. Look for your Microsoft Authentication Library (MSAL) configuration object, and then set its loginHint property to the login hint.

```swift
let parameters = MSALInteractiveTokenParameters(scopes: kScopes, webviewParameters: self.webViewParameters!)
parameters.promptType = .selectAccount
parameters.authority = authority
parameters.loginHint = "[email protected]"
// More settings here

applicationContext.acquireToken(with: parameters) { (result, error) in
...
```

[!INCLUDE active-directory-b2c-app-integration-domain-hint]

  1. Check the domain name of your external identity provider. For more information, see Redirect sign-in to a social provider.
  2. Create or use an existing list object to store extra query parameters.
  3. Add the domain_hint parameter with the corresponding domain name to the list (for example, facebook.com).
  4. Pass the extra query parameters list into the MSAL configuration object's extraQueryParameters attribute.
```swift
let extraQueryParameters: [String: String] = ["domain_hint": "facebook.com"]

let parameters = MSALInteractiveTokenParameters(scopes: kScopes, webviewParameters: self.webViewParameters!)
parameters.promptType = .selectAccount
parameters.authority = authority
parameters.extraQueryParameters = extraQueryParameters
// More settings here

applicationContext.acquireToken(with: parameters) { (result, error) in
...
```

[!INCLUDE active-directory-b2c-app-integration-ui-locales]

  1. Configure language customization.
  2. Create or use an existing list object to store extra query parameters.
  3. Add the ui_locales parameter with the corresponding language code to the list (for example, en-us).
  4. Pass the extra query parameters list into the MSAL configuration object's extraQueryParameters attribute.
```swift
let extraQueryParameters: [String: String] = ["ui_locales": "en-us"]

let parameters = MSALInteractiveTokenParameters(scopes: kScopes, webviewParameters: self.webViewParameters!)
parameters.promptType = .selectAccount
parameters.authority = authority
parameters.extraQueryParameters = extraQueryParameters
// More settings here

applicationContext.acquireToken(with: parameters) { (result, error) in
...
```

[!INCLUDE active-directory-b2c-app-integration-custom-parameters]

  1. Configure the ContentDefinitionParameters element.
  2. Create or use an existing list object to store extra query parameters.
  3. Add the custom query string parameter, such as campaignId. Set the parameter value (for example, germany-promotion).
  4. Pass the extra query parameters list into the MSAL configuration object's extraQueryParameters attribute.
```swift
let extraQueryParameters: [String: String] = ["campaignId": "germany-promotion"]

let parameters = MSALInteractiveTokenParameters(scopes: kScopes, webviewParameters: self.webViewParameters!)
parameters.promptType = .selectAccount
parameters.authority = authority
parameters.extraQueryParameters = extraQueryParameters
// More settings here

applicationContext.acquireToken(with: parameters) { (result, error) in
...
```

[!INCLUDE active-directory-b2c-app-integration-id-token-hint]

  1. In your custom policy, define an ID token hint technical profile.
  2. In your code, generate or acquire an ID token, and then set the token to a variable (for example, idToken).
  3. Create or use an existing list object to store extra query parameters.
  4. Add the id_token_hint parameter with the corresponding variable that stores the ID token.
  5. Pass the extra query parameters list into the MSAL configuration object's extraQueryParameters attribute.
```swift
let extraQueryParameters: [String: String] = ["id_token_hint": idToken]

let parameters = MSALInteractiveTokenParameters(scopes: kScopes, webviewParameters: self.webViewParameters!)
parameters.promptType = .selectAccount
parameters.authority = authority
parameters.extraQueryParameters = extraQueryParameters
// More settings here

applicationContext.acquireToken(with: parameters) { (result, error) in
...
```
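The domain hint, UI locale, custom parameter and ID token hint sections above all follow the same pattern, so here is one added example (not the article's code) that assembles all of them in a single place: it merges the parameters, sanity-checks the id_token_hint shape before it leaves the app, and refuses custom keys that would collide with the protocol parameters MSAL generates itself. The reserved-key list and the helper names are this example's own assumptions, not MSAL APIs.

```swift
import Foundation
import MSAL

// Added example (not from the article). Builds the extraQueryParameters dictionary
// used by the snippets above and rejects keys that would override MSAL's own request
// parameters. The reserved list is this example's safeguard, not enforced by MSAL.
enum QueryParameterError: Error {
    case reservedKey(String)
    case malformedIdTokenHint
}

/// Parameters MSAL builds for the request (or exposes as dedicated properties).
let reservedQueryKeys: Set<String> = [
    "client_id", "redirect_uri", "response_type", "response_mode", "scope",
    "state", "nonce", "code_challenge", "code_challenge_method", "prompt", "login_hint"
]

func makeExtraQueryParameters(domainHint: String? = nil,
                              uiLocales: String? = nil,
                              idTokenHint: String? = nil,
                              custom: [String: String] = [:]) throws -> [String: String] {
    var params: [String: String] = [:]
    if let hint = domainHint { params["domain_hint"] = hint }      // e.g. "facebook.com"
    if let locale = uiLocales { params["ui_locales"] = locale }    // e.g. "en-us"
    if let token = idTokenHint {
        // A JWT is three dot-separated base64url segments; drop anything else early.
        guard token.split(separator: ".", omittingEmptySubsequences: false).count == 3 else {
            throw QueryParameterError.malformedIdTokenHint
        }
        params["id_token_hint"] = token
    }
    for (key, value) in custom {                                    // e.g. campaignId
        guard !reservedQueryKeys.contains(key.lowercased()) else {
            throw QueryParameterError.reservedKey(key)
        }
        params[key] = value
    }
    return params
}

/// Builds the interactive request the same way the snippets above do, from the merged parameters.
func makeInteractiveParameters(scopes: [String],
                               authority: MSALAuthority,
                               webViewParameters: MSALWebviewParameters,
                               extraQueryParameters: [String: String]) -> MSALInteractiveTokenParameters {
    let parameters = MSALInteractiveTokenParameters(scopes: scopes, webviewParameters: webViewParameters)
    parameters.promptType = .selectAccount
    parameters.authority = authority
    parameters.extraQueryParameters = extraQueryParameters
    return parameters
}
```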

[!INCLUDE active-directory-b2c-app-integration-logging]

The MSAL logger should be set as early as possible in the app launch sequence, before any MSAL requests are made. Configure MSAL logging in the AppDelegate.swift application method.

The following code snippet demonstrates how to configure MSAL logging:

```swift
func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {

    MSALGlobalConfig.loggerConfig.logLevel = .verbose
    MSALGlobalConfig.loggerConfig.setLogCallback { (logLevel, message, containsPII) in

        // If piiEnabled is set to true, this block can receive sensitive information (personally identifiable information), but not every message contains it.
        // containsPII == true indicates that a particular message contains PII.
        // You might want to capture PII only in debug builds, or only if you take the necessary actions to handle PII properly according to the legal requirements of the region.
        if let displayableMessage = message {
            if !containsPII {
                #if DEBUG
                // NB! This sample uses print just for testing purposes.
                // Only log in debug mode, to prevent leaking potentially sensitive information.
                print(displayableMessage)
                #endif
            }
        }
    }
    return true
}
```
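An added example, not the article's snippet, that takes the callback above a step further: it routes MSAL messages to the unified logging system instead of print, keeps PII-tagged messages out of release builds even if PII logging were switched on, maps MSAL's levels onto OSLogType, and marks the message text private so it is redacted when logs are collected from a device. The subsystem string and function name are assumed for the example.

```swift
import MSAL
import os

// Added example (not from the article). Call configureMSALLogging() once from
// application(_:didFinishLaunchingWithOptions:), before any MSAL request.
private let msalLog = Logger(subsystem: "com.contoso.app", category: "MSAL") // subsystem is assumed

/// Maps MSAL's log level onto an OSLogType so the level survives into Console filtering.
func osLogType(for level: MSALLogLevel) -> OSLogType {
    switch level {
    case .error:   return .error
    case .warning: return .default
    case .info:    return .info
    case .verbose: return .debug
    default:       return .debug
    }
}

func configureMSALLogging() {
    #if DEBUG
    MSALGlobalConfig.loggerConfig.logLevel = .verbose
    MSALGlobalConfig.loggerConfig.piiEnabled = true    // PII reaches debug builds only
    #else
    MSALGlobalConfig.loggerConfig.logLevel = .warning
    MSALGlobalConfig.loggerConfig.piiEnabled = false
    #endif

    MSALGlobalConfig.loggerConfig.setLogCallback { level, message, containsPII in
        guard let message = message else { return }
        #if !DEBUG
        // Defence in depth: drop PII-tagged lines in release even if piiEnabled is flipped later.
        if containsPII { return }
        #endif
        // .private redacts the text in logs collected from the device unless a debugger is attached.
        msalLog.log(level: osLogType(for: level), "\(message, privacy: .private)")
    }
}
```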

## Embedded web view experience

Web browsers are required for interactive authentication. By default, the MSAL library uses the system web view. During sign-in, the MSAL library pops up the iOS system web view with the Azure AD B2C user interface.

For more information, see the Customize browsers and WebViews for iOS/macOS article.

Depending on your requirements, you can use the embedded web view. There are visual and single sign-on behavior differences between the embedded web view and the system web view in MSAL.

Screenshot demonstrating the difference between the system web view experience and the embedded web view experience.

> [!IMPORTANT]
> We recommend that you use the platform default, which is ordinarily the system browser. The system browser is better at remembering the users that have logged in before. Some identity providers, such as Google, don't support an embedded view experience.

To change this behavior, change the webviewType attribute of MSALWebviewParameters to wkWebView. The following example demonstrates how to change the web view type to embedded view:

```swift
func initWebViewParams() {
    self.webViewParameters = MSALWebviewParameters(authPresentationViewController: self)

    // Use the embedded view experience
    self.webViewParameters?.webviewType = .wkWebView
}
```

## Next steps