Tags: maui, azure-ad-msal, maui-ios

The keychain access group is not enabled


I have a .Net MAUI app. It authenticates users with MSAL. On iOS, authentication on this line

    AuthenticationResult authResult = await _authenticationClient
        .AcquireTokenInteractive(B2CConstants.Scopes)
        .WithPrompt(Prompt.ForceLogin)
        .ExecuteAsync(cancellationToken);

throws MsalClientException:

The application does not have keychain access groups enabled in the Entitlements.plist. As a result, there was a failure to save to the iOS keychain. The keychain access group 'XXXXXXXX.com.microsoft.adalcache' is not enabled in the Entitlements.plist. Also, use the WithIosKeychainSecurityGroup api to set the keychain access group. See https://aka.ms/msal-net-enable-keychain-groups for more details on enabling keychain access groups and entitlements.

I do have this in my Entitlements.plist:

<key>keychain-access-groups</key>
<array>
    <string>$(AppIdentifierPrefix).com.microsoft.adalcache</string>
</array>

And I have this in my authentication service:

    _authenticationClient = PublicClientApplicationBuilder.Create(B2CConstants.ClientId)
        .WithB2CAuthority(B2CConstants.AuthoritySignInSignUp)
        .WithRedirectUri($"msal{B2CConstants.ClientId}://auth")
        .WithIosKeychainSecurityGroup("com.microsoft.adalcache")
        .Build();

In the project file:

<PropertyGroup Condition="'$(TargetFramework)'=='net7.0-ios'">
    <CodesignEntitlements>Entitlements.plist</CodesignEntitlements>
    <CodesignKey>Apple Development: John Smith (UYG3HQ6LCP)</CodesignKey>
    <CodesignProvision>VS: com.mycompany.MyCompany Development</CodesignProvision>
</PropertyGroup>

This worked on Xamarin.Forms before we migrated to .Net MAUI. I am trying to run it from VS on Mac on a real iPhone.

What could I be missing?


Solution

  • Your Entitlements.plist has an extra '.' character. You need to replace

        <string>$(AppIdentifierPrefix).com.microsoft.adalcache</string>

    with

        <string>$(AppIdentifierPrefix)com.microsoft.adalcache</string>

    This is because $(AppIdentifierPrefix) already contains a trailing '.' character.
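To make the mistake in the question and the fix in the answer concrete, here is a small added check (written for this page, not part of the question, the answer, or MSAL) that parses an Entitlements.plist, expands $(AppIdentifierPrefix) the way the build does (the prefix value is the team ID followed by a trailing dot), and reports whether any keychain-access-groups entry will expand to the group MSAL asks for via WithIosKeychainSecurityGroup. The embedded plist and the prefix value TEAMID0000. are constructed sample data; the check catches the double-dot case from the question before you ever deploy to a device.

```python
import plistlib

# Constructed sample: the broken entitlements from the question (extra '.' after the variable).
BROKEN_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix).com.microsoft.adalcache</string>
    </array>
</dict>
</plist>
"""

# Constructed sample: the same file with the fix from the answer applied.
FIXED_ENTITLEMENTS = BROKEN_ENTITLEMENTS.replace(
    b"$(AppIdentifierPrefix).", b"$(AppIdentifierPrefix)"
)

PREFIX_VAR = "$(AppIdentifierPrefix)"


def expand_group(entry: str, app_identifier_prefix: str) -> str:
    """Substitute the build variable; the real prefix value already ends in '.'."""
    return entry.replace(PREFIX_VAR, app_identifier_prefix)


def check_keychain_groups(plist_bytes: bytes, app_identifier_prefix: str, required_group: str):
    """Validate keychain-access-groups against the group MSAL will request.

    required_group is the value passed to WithIosKeychainSecurityGroup (no team prefix).
    Returns (ok, problems, expanded_groups).
    """
    if not app_identifier_prefix.endswith("."):
        raise ValueError("AppIdentifierPrefix is '<TeamID>.' including the trailing dot")

    data = plistlib.loads(plist_bytes)
    groups = data.get("keychain-access-groups", [])
    problems = []
    expanded = []

    if not groups:
        problems.append("keychain-access-groups is missing or empty")

    for entry in groups:
        if not entry.startswith(PREFIX_VAR):
            problems.append(f"{entry!r} does not start with {PREFIX_VAR}")
        if entry.startswith(PREFIX_VAR + "."):
            problems.append(f"{entry!r} has an extra '.' after {PREFIX_VAR}")
        full = expand_group(entry, app_identifier_prefix)
        expanded.append(full)
        if ".." in full:
            problems.append(f"{entry!r} expands to {full!r}, which contains '..'")

    wanted = app_identifier_prefix + required_group
    if wanted not in expanded:
        problems.append(f"no entry expands to the group MSAL will request: {wanted!r}")

    return (not problems, problems, expanded)


if __name__ == "__main__":
    # TEAMID0000. is a constructed placeholder for the real '<TeamID>.' prefix.
    for label, blob in (("broken", BROKEN_ENTITLEMENTS), ("fixed", FIXED_ENTITLEMENTS)):
        ok, problems, expanded = check_keychain_groups(blob, "TEAMID0000.", "com.microsoft.adalcache")
        print(f"{label}: ok={ok} expanded={expanded}")
        for p in problems:
            print("  -", p)
```

Run it against your own Entitlements.plist by reading the file bytes and passing the team ID from your signing certificate (with the trailing dot) as the prefix; the check is deliberately strict about the variable form because the keychain group MSAL requests at runtime is exactly prefix plus the WithIosKeychainSecurityGroup value, so any other spelling fails at the first token save.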