具有MSAL的Xamarin无法保存访问令牌,因为在临时设置期间更改了钥匙串访问组 [英] Xamarin with MSAL cannot save access token as Keychain Access Groups changed during Ad-Hoc provisioning
问题描述
我们已将最新的MSAL库添加到我们的Xamarin项目中,并将钥匙串共享功能添加到了权利plist中:
We have added the latest MSAL library to our Xamarin project and added the Keychain sharing capabilities to the entitlements plist:
该应用程序可以在开发人员计算机上正常构建,并且可以根据Azure AD B2C正确进行身份验证.
The app builds ok on a developer machine and the app authenticates correctly against Azure AD B2C.
当我们通过ADO进行构建并在App Center中发布(Ad-Hoc设置)时,该应用即会构建,并且似乎可以通过Azure AD B2C进行身份验证,但不会与我们的其他Azure资源(API,存储等)进行通信.)似乎没有找到钥匙串访问组,并且在正常进行身份验证的过程中,MSAL无法将访问令牌保存在钥匙串中.
When we build through ADO and publish in App Center (Ad-Hoc provisioning) the app builds, and the appears to authenticate against the Azure AD B2C, but does not communicate with our other Azure resources (API, Storage, etc.) It appears that the Keychain access group is not found and whilst the authentication takes place normally MSAL fails to save the access token in the Key Chain.
iOSTokenCacheAccessor.Save (System.String account, System.String service, System.String generic, System.Int32 type, System.String value)
Microsoft.Identity.Client.MsalClientException:该应用程序没有在Entitlements.plist中启用钥匙串访问组.结果,无法保存到iOS钥匙串.
我们认为这是因为在Ad-Hoc供应期间,设备ID已包含在供应配置文件中,但App-Hoc配置文件权利部分仅包含[app ID].*并未对com进行重新签名..microsoft.adalcache值.
We think this is because during Ad-Hoc provisioning the app is re-signed after the device id has been included in the provisioning profile but the Ad-Hoc profile entitlements section only contain the [app id].* not the com.microsoft.adalcache value.
- 在构建到个人资料期间,entitlements.plist是否会合并,即,将钥匙串组添加到plist的"entitlements"部分?
- 如果是这样,这是什么?什么时候在构建管道中发生?
- Ad-Hoc设置如何在这种情况下工作?
真的很感谢任何帮助,因为这目前阻止了我们的发布.
Any help really appreciated as this is currently blocking our release.
推荐答案
来自这里.AppCenter中还存在一个错误,即当他们重新签名应用程序时,他们在权利"中使用通配符.自1/21起,此问题已修复.
From MSAL 2.7.0, MSAL now resolves the TeamId at runtime. A new property iOSKeychainSecurityGroup should be used instead of KeychainSecurityGroup. More information can be found here. There was also a bug in AppCenter where they were using a wildcard in the Entitlements when they re-signed the app. This has been fixed as of 1/21.
这篇关于具有MSAL的Xamarin无法保存访问令牌,因为在临时设置期间更改了钥匙串访问组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
