Azure-Samples/ms-identity-ciam-native-auth-ios-sample

Sign in users and call a protected web API in iOS (Swift) mobile app by using native authentication

Overview

This sample iOS application demonstrates how to handle sign-up, sign-in, sign-out, and reset-password scenarios using Microsoft Entra External ID for customers. You can configure the sample to call a protected web API.

Contents

| File/folder | Description |
| --- | --- |
| NativeAuthSampleApp.xcodeproj | This sample application project file. |
| NativeAuthSampleApp/Configuration.swift | Configuration file. |
| CONTRIBUTING.md | Guidelines for contributing to the sample. |
| README.md | This README file. |
| LICENSE | The license for the sample. |

Prerequisites

Project setup

To enable your application to authenticate users with Microsoft Entra, Microsoft Entra ID for customers must be made aware of the application you create. The following steps show you how to:

Step 1: Register an application

Register your app in the Microsoft Entra admin center using the steps in Register an application.

Step 2: Enable public client and native authentication flows

Enable public client and native authentication flows for the registered application using the steps in Enable public client and native authentication flows.

Step 3: Grant API permissions

Grant API permissions to the registered application by following the steps in Grant API permissions.

Step 4: Create user flow

Create a user flow by following the steps in Create a user flow.

Step 5: Associate the app with the user flow

Associate the application with the user flow by following the steps in Associate the application with the user flow.

Step 6: Clone sample iOS mobile application

Clone the sample iOS mobile application by following the steps outlined in Clone sample iOS mobile application.

Step 7: Configure the sample iOS mobile application

Configure the sample iOS mobile application by following the steps in Configure the sample iOS mobile application.

Step 8: Run and test sample iOS mobile application

Run and test the iOS sample mobile application by following the steps in Run and test sample iOS mobile application.

Step 9: Call a protected web API

Follow the steps in Sign in users and call an API in a sample iOS mobile app by using native authentication to sign in users and call a protected API in the iOS sample mobile app.

Additional step: Add email one-time passcode MFA to your iOS app (Private Preview)

Add email one-time passcode MFA to the sign-in flow by following the steps in Add email one-time passcode MFA to your iOS/macOS app.

Key concepts

Open the NativeAuthSampleApp/Configuration.swift file to find the following lines of code:

import MSAL

@objcMembers
class Configuration: NSObject {
    // Update the below to your client ID and tenantSubdomain you received in the portal.

    static let clientId = "Enter_the_Application_Id_Here"
    static let tenantSubdomain = "Enter_the_Tenant_Subdomain_Here"
}

The code creates two constant properties:

  • clientId - the value Enter_the_Application_Id_Here is replaced with the Application (client) ID of the app you register during the project setup. The Application (client) ID is the unique identifier of your registered application.
  • tenantSubdomain - the value Enter_the_Tenant_Subdomain_Here is replaced with the Directory (tenant) subdomain. The tenant subdomain URL is used to construct the authentication endpoint for your app.

You use the NativeAuthSampleApp/Configuration.swift file to set configuration options when you initialize the client app in the Microsoft Authentication Library (MSAL).

To create the SDK instance, use the following code:

import MSAL

var nativeAuth: MSALNativeAuthPublicClientApplication!

do {
    nativeAuth = try MSALNativeAuthPublicClientApplication(
        clientId: Configuration.clientId,
        tenantSubdomain: Configuration.tenantSubdomain,
        challengeTypes: [.OOB, .password]
    )
} catch {
    print("Unable to initialize MSAL \(error)")
    showResultText("Unable to initialize MSAL")
}

You create an MSAL instance so that you can perform authentication logic and interact with your tenant through native authentication APIs. The MSALNativeAuthPublicClientApplication initializer creates an instance called nativeAuth. The clientId and tenantSubdomain, defined in the NativeAuthSampleApp/Configuration.swift file, are passed as parameters. For more information about the SDK instance, see Tutorial: Prepare your iOS app for native authentication.
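Because tenantSubdomain feeds the authentication endpoint, it helps to check both configuration values before they reach MSAL. The following is an added example, not code from the sample or from MSAL: ConfigurationValidator and ConfigurationError are hypothetical names, and the rule that the subdomain is a single DNS label (for example contoso, not contoso.onmicrosoft.com) is an assumption of this example.

```swift
import Foundation

// Added example: hypothetical helper, not part of the sample app or of MSAL.
enum ConfigurationError: Error {
    case placeholderNotReplaced(field: String)
    case clientIdNotGuid
    case tenantSubdomainNotSingleLabel
}

struct ConfigurationValidator {
    /// Checks the two values from Configuration.swift before they are passed to MSAL.
    static func validate(clientId: String, tenantSubdomain: String) throws {
        // Both README placeholders start with "Enter_the_".
        for (field, value) in [("clientId", clientId), ("tenantSubdomain", tenantSubdomain)] {
            if value.isEmpty || value.hasPrefix("Enter_the_") {
                throw ConfigurationError.placeholderNotReplaced(field: field)
            }
        }
        // Application (client) IDs are GUIDs; UUID(uuidString:) returns nil for anything else.
        guard UUID(uuidString: clientId) != nil else {
            throw ConfigurationError.clientIdNotGuid
        }
        // Assumption: the subdomain is one DNS label. Accept only ASCII letters, digits
        // and hyphens, so a full domain, a URL or a path is rejected before it can end
        // up in the endpoint host name.
        let allowed = CharacterSet(charactersIn:
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-")
        let isSingleLabel = tenantSubdomain.count <= 63
            && tenantSubdomain.unicodeScalars.allSatisfy { allowed.contains($0) }
            && !tenantSubdomain.hasPrefix("-")
            && !tenantSubdomain.hasSuffix("-")
        guard isSingleLabel else {
            throw ConfigurationError.tenantSubdomainNotSingleLabel
        }
    }
}

// Constructed sample values, not a real tenant or app registration.
let samples: [(String, String)] = [
    ("Enter_the_Application_Id_Here", "Enter_the_Tenant_Subdomain_Here"),
    ("11111111-2222-3333-4444-555555555555", "contoso.onmicrosoft.com"),
    ("11111111-2222-3333-4444-555555555555", "contoso"),
]
for (clientId, subdomain) in samples {
    do {
        try ConfigurationValidator.validate(clientId: clientId, tenantSubdomain: subdomain)
        print("\(subdomain): ok")
    } catch {
        print("\(subdomain): rejected (\(error))")
    }
}
```

In the sample app, a call such as this would sit just before the MSALNativeAuthPublicClientApplication initializer, so a misconfigured build fails with a specific error instead of a generic MSAL initialization failure.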

Reporting problems

  • Search the GitHub issues in the repository - your problem might already have been reported or have an answer.
  • Nothing similar? Open an issue that clearly explains the problem you're having running the sample app.

Contributing

If you'd like to contribute to this sample, see CONTRIBUTING.MD.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
