Force ADAL to save persistent cookies

Question

Direct flow from xamarin blog post works great https://blog.xamarin.com/put-adal-xamarin-forms/.

Our app require AD authorization to get access token to communicate with our API. In addition, it contains webview with sharepoint sites. So we should implement SSO to sharepoint after user logged in via ADAL. Now ADAL show webview with login.microsoftonline.com/{tenantId}/oauth2/ url and it doesn`t contain “Keep me sign in” button, so it saves only session cookies. It works great when user open webview with sharepoint site. However, after closing the app he must login again as there were only session cookies.

Does anyone know how to force login.microsoftonline.com to save persistent cookies or to show “Keep me sign in” button?

Answer 1

Using ADAL 3, you use a token cache (local file) and pass that in as a parameter when you create an AuthenticationContext. You then call AcquireTokenSilentAsync to attempt to retrieve a token from the cache without prompting the user. If a token doesn't exist, an AdalException is thrown. You then call AcquireTokenAsync which will display a login dialog where the user can enter their credentials. The token is then saved in the token cache for next time.

This doesn't exactly save cookies, but it does save the token which will prevent the user from having to login again.

Answer 2

There isn't a way to force the service to set a persistent cookie. There isn't a way to do what you want to do today.

Also, the next generation library (Microsoft Authentication Library aka MSAL) will use a system web view instead of an in-process web view, following a general industry trend to move away from in-process web views for sign-in operations.

Net, in the future when you are able to move to MSAL, you CAN get single sign on between your app and a web app running in the browser IF you launch the web app (e.g. SharePoint) in a system web view.