Update SDK readme with native authentication content

[Dickson-Mwendia]

This PR updates the readme to include the native authentication capabilities for MSAL Android.

For the documentation updates and links:

• We point to the official MSAL Android docs on MS Learn - https://learn.microsoft.com/en-us/entra/msal/android

• Within the getting started section of the readme, we provide links to the different quickstarts/tutorials that devs can follow, based on their scenario and type of app they're building (workforce/customer)

• I've also removed much of the content that's duplicated in the official docs (configuration, initialize client app, and acquire tokens) and instead pointed to the guidance on MS Learn, i.e:

  • Official MSAL Android documentation on how to instantiate your client application and acquire tokens.

As for the code samples, we also need to differentiate the between workforce and customer sample apps, that's why we have two links. Eventually, the links will point to the code samples browser, such as (https://learn.microsoft.com/en-us/samples/browse/?products=microsoft-authentication-library) I'm working to get all code samples for Android onboarded there.

[iamgusain]

Let's add some description to the PR explaining what we are changing here and why.

[Dickson-Mwendia]

@negoe @iamgusain could you please have another look at this?

[henrymbuguakiarie]

Hello @Dickson-Mwendia,

I've left a couple of comments.

[SammyO]

Some conceptual feedback: why are we repeating instructions here that are already documented in learn.microsoft.com?
I understood from @kaushikkislay that there's a push to have all developer journeys start on learn.microsoft.com, and if/where they start elsewhere (like Github) to guide them to learn.microsoft.com.

[Dickson-Mwendia]

Appreciate your feedback here.

In this SDK readme, we've updated the previous content to ensure it includes native auth capabilities. The content, like other SDKs, includes an overview of the SDK, installation steps, and getting started guidance. And for the most part, we're pointing developers to content on MS Learn, and leading them to where they'll find different pieces of content they'd need based on their scenarios.

I'd be happy to cut down some sections and replace with equivalent links to MS Learn if we all agree to take this approach.

[SammyO]

Missing closing );. @Dickson-Mwendia perhaps run this in Android Studio to see if it compiles.

[Dickson-Mwendia]

Good spot @SammyO. Tested and yes, it was missing the );

[negoe]

Thanks, Dickson for the updates. I have provided my comments. The only main call out I have is the overall structure of the readme seems a bit confusing at the start. While reviewing, it's apparent that customers might become confused regarding the changes to Workforce identity support by MSAL. Previously, the term "Browser delegated auth" wasn't used, as it was the only default support for Workforce ID. Introducing this new term without initially clarifying what "browser delegated support" means, could be puzzling for customers. Also, please note that Ext ID supports both Browser delegated auth and Native Auth. Therefore, we need to explicitly clarify that here browser delegated auth is the original default support by MSAL for work/school and personal accounts.
Additionally, I would recommend setting the customer’s expectation from the beginning by stating that native auth is only supported in the case of Ext ID. You can pivot the document along the lines of: “To support External ID scenarios, we now offer Native authentication for better control over the design of the mobile application sign-in experiences.”

[negoe]

In the past we have always been the term 'tokens' and not 'security tokens'. Is there a reason we are writing security token here?

[Dickson-Mwendia]

No specific reason per se, we could keep the usage of "tokens" to maintain consistency.

[negoe]

Can we please add relevant links to Android related SSO, CA and brokered auth pages?

[Dickson-Mwendia]

Added, SSO and brokered auth content for MSAL Android is in the same article.

[negoe]

to stay consistent across all docs, we should make it -> Microsoft personal accounts.

[negoe]

The link is for Native Authentication and not for the External Id landing page.

[Dickson-Mwendia]

Sure, @negoe. This was the intended destination as we have a table that compares the two authentication methods and could serve as a decision guide. Thoughts on this?

[negoe]

Please add a note for customer to utilize latest version by going to the release page. We sometimes dont update readme with every single major release.

[Dickson-Mwendia]

Great call-out here, thanks!

[Dickson-Mwendia]

Thanks @negoe . I've updated the section that introduces native auth. Please have a look. Also, let me know what you think about renaming the H2 "Native authentication support in MSAL" and if this could bring more clarity to our customers.

[negoe]

nit: The native authentication feature is only available for mobile apps using External ID for customers.

[negoe]

Could we begin by discussing the default support provided by MSAL at a high level, and then divide the content into two distinct categories for browser-delegated and native authentication? The first paragraph under the Native Authentication heading is informative, but it should be positioned outside of this section for better clarity. Also it will align with your content below regarding App configuration.

Example:
Understanding Authentication User Experience in MSAL
MSAL primarily employs the standard, authentication flow, which leverages the user's browser to manage the sign-in experience. This approach is the default authentication method for both work and school accounts, as well as Microsoft personal accounts.

H1: Browser-Delegated Authentication : add your content
H2: Native authentication : add your content

Then provide link to choosing the appropriate authentication method.