Question Microsoft.Identity.Client for OAuth flow to AAD B2C in Android

Discussion in 'Windows' started by patrick_murphy_, Oct 13, 2022.

  1. patrick_murphy_

    (I realize this is ultimately an Android question but heavily relies on Microsoft client code so figured people in this subforum may know something...)

    Does anyone have any experience stringing these together? I have scoured the web for literally week trying to combine as much as I can to make this work...

    I am using the MSAL PublicClientApplication pattern for OAuth flow, using Mono/.NET Standard as the scripting backend in Unity, which works fine in the editor on Windows, but when deploying to various Android devices/OS versions, the browser prompt for credentials simply never pops.

    It's very difficult getting any information as to why. The furthest I have gotten is using MSAL's isSystemWebviewAvailable() and isEmbeddedWebviewAvailable(), which both return false on Android, and this is after setting up the manifest for internet permissions and associated webview activities. (For completeness, isSystemWebviewAvailable() returns true on Windows, where the flow works fine.)

    After investigation it seems that system webviews are considered an attack surface by Google and are possibly restricted from use, and require an unrealistic configuration on the part of each Android user to get them to work... but then to really complicate it, MSAL does not support embedded webviews either (for the most part, specifically for .NET Standard or .NET Core in Android). So it looks like this is just a dead end?

    I was hoping to avoid a classic authentication model and having to manage and secure user credentials, password resets, etc., and was really hoping I could leverage AAD B2C to take this off my plate, but at this point it looks like a much more desirable option than the quite frankly absurd amount of work (I have left *a lot* of detail and Android requirements out) it would take to get OAuth flows to Azure working on Android.