Brokerage SSO with Microsoft Authenticator doesn't work on Android phone with WebView/Default browser #2052

Open
sashalinder opened this issue Mar 3, 2024 · 3 comments

@sashalinder

Describe the bug
Is your app live and in production or is this a development issue? Provide a clear and concise description of what the bug is.

NO

Smartphone (please complete the following information):

  • Device: [e.g. Pixel, OnePlus 6, etc]
    Pixel 7 - AVD (Android Studio), emulator
  • Android Version: [e.g. API Level, Build Number]
    Android 13, API 34, TiramisuPrivacySandbox
  • Browser [e.g. Chrome, Edge]
  • MSAL Version
    latest, Version 5.1.0

Stacktrace
If a crash occurs, include the stacktrace.

To Reproduce
Steps to reproduce the behavior:
In my app I want to allow users to access a private portal from their mobile. The user authenticates with MSAL against Entra ID successfully (the app receives an access token and an ID token), then the user accesses the private portal from within the app, in a WebView. The private portal redirects the user to the authentication page.
I reproduced the same issue with the com.azuresamples.msalandroidapp app and used https://login.microsoftonline.com/ as the private site.
I tried to use WebView and BROWSER in the authorization_user_agent - same result.
The user's authentication with the app creates an account under the device accounts (settings).

Is such a flow supported by MSAL? Cross single sign-on between the app and a private website launched with WebView from the app.

If related to user experience, use the format:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

If related to development, please provide relevant configuration details necessary to understand your problem including any relevant traces, logs, or otherwise.

Expected behavior
A clear and concise description of what you expected to happen.

The user is not prompted to sign in when accessing a corporate portal from the app, following successful authentication in the app. Silent single sign-on experience from within the app.

Actual Behavior
A description of what actually happened.

The user is prompted to sign in.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Please note: Do not include sensitive information like PII, OII, credentials, secrets, and tokens.

For privacy/security issues please see instructions here

@sashalinder
Author

To add to the above,
I am not sure how to "hint" to the broker on the user/claim that should be used during the access to the private website.
Is there any Entra configuration of the website that should be configured in the app?
Account mode Single is being used.
Authorities: AzureADMyOrg
"redirect_uri" : "msauth://com.azuresamples.msalandroidapp/[key]....

@negoe
Contributor

negoe commented Mar 26, 2024

Hi @sashalinder, your issue is not described clearly. What exactly is the issue you are facing? Are you implying that the authentication process is not happening within the WebView? Can you please provide the Expected behavior and Actual Behavior information?

@sashalinder
Author

Hi,

My ask was for the documentation and expected behavior about identity federation for SSO with MSAL, when using WebView in an Android app.
The user successfully authenticates with OAuth 2.0 against Entra ID; a dedicated Entra app is configured. The MSAL package exposes an access token and an ID token following successful authentication by the user.
As part of the application use cases there is a different web application accessible through a web portal; the IdP for that app is the same Entra ID account, different app, trust set with OAuth 2.0.

I am using the Edge browser on Android with the Microsoft authentication app.

The expected behavior is a silent sign-in for the web portal launched in the WebView, as the user is already logged in.

I hope that now it’s more clear, thank you for the support.
