[Figure: Overview of the sign-in, token cache flow and potential replay attack paths on macOS devices.]

macOS Keychain items from Microsoft products

According to the Microsoft docs, the Keychain plays a central role in storing cached tokens, and that cache is what provides SSO between MSAL apps:

"When the Microsoft Authentication Library for iOS and macOS (MSAL) signs in a user, or refreshes a token, it tries to cache tokens in the keychain. Caching tokens in the keychain allows MSAL to provide silent single sign-on (SSO) between multiple apps that are distributed by the same Apple developer. SSO is achieved via the keychain access groups functionality."

Source: Configure keychain - Microsoft identity platform - Microsoft Docs

I have found the following Keychain entries in relation to authentication for various Microsoft products on a macOS device:

- com.microsoft.oneauth
- Microsoft Teams Identities Cache
- Microsoft Edge Safe Storage
- com.microsoft

Various refresh tokens, primary refresh tokens and access tokens have been cached, and a reference to the user's objectId is included.

Note: I used an Azure AD unregistered device without the Enterprise SSO plug-in for the following tests and use cases.

Token caching in the Keychain (by using access group “”) seems to be the default for apps using MSAL.
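To turn the list of Keychain entries above into something repeatable, here is an added example (my own code, not the post's and not Microsoft's): a Python script that parses the attribute listing printed by `security dump-keychain` on macOS (which lists item metadata without revealing secrets unless `-d` is passed) and flags the items whose label, service or account matches the names from the post. The embedded dump is constructed to mirror that output format, not captured from a real machine; the `agrp` (access group) handling and the pattern list are my assumptions.

```python
"""Inventory macOS Keychain items that look like Microsoft/MSAL token caches.

Parses the attribute listing printed by `security dump-keychain` and flags
items whose label, service or account matches the names observed in the post.
"""
import re
import sys

# Constructed sample in the shape of `security dump-keychain` output.
# It is not a real dump; the paths and dates are placeholders.
SAMPLE_DUMP = '''keychain: "/Users/demo/Library/Keychains/login.keychain-db"
version: 512
class: "genp"
attributes:
    0x00000007 <blob>="Microsoft Teams Identities Cache"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="com.microsoft.teams"
    "cdat"<timedate>=0x32303233303130313132303030305A00  "20230101120000Z\\000"
    "desc"<blob>=<NULL>
    "svce"<blob>="Microsoft Teams Identities Cache"
keychain: "/Users/demo/Library/Keychains/login.keychain-db"
version: 512
class: "genp"
attributes:
    0x00000007 <blob>="com.microsoft.oneauth"
    "acct"<blob>="oneauth"
    "svce"<blob>="com.microsoft.oneauth"
keychain: "/Users/demo/Library/Keychains/login.keychain-db"
version: 512
class: "genp"
attributes:
    0x00000007 <blob>="Slack Safe Storage"
    "acct"<blob>="Slack Key"
    "svce"<blob>="Slack Safe Storage"
keychain: "/Users/demo/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
    0x00000007 <blob>="git.example.com"
    "acct"<blob>="demo"
    "srvr"<blob>="git.example.com"
'''

# One attribute line: either "name"<type>=value or 0x<id> <type>=value.
ATTR_RE = re.compile(
    r'^\s+(?:"(?P<name>[A-Za-z]{4})"|(?P<hexid>0x[0-9A-Fa-f]{8}) )<\w+>=(?P<value>.*)$')
# The label attribute has no four-letter tag in this output; it prints as 0x00000007.
HEX_ATTR_NAMES = {"0x00000007": "labl"}

# Item names from the post's list of Keychain entries. The last entry in the
# post is cut off at "com.microsoft", so a prefix pattern covers it.
MS_PATTERNS = [re.compile(p, re.I) for p in (
    r"^com\.microsoft\.",
    r"^Microsoft Teams Identities Cache$",
    # Chromium-style "Safe Storage" item: the key Edge uses to encrypt its
    # profile data (cookies, saved logins), not an MSAL cache; listed in the post.
    r"^Microsoft Edge Safe Storage$",
)]


def _decode(value):
    """Turn a dump-keychain attribute value into a Python value."""
    if value == "<NULL>":
        return None
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    return value  # hex blobs and timedates are kept raw


def parse_dump_keychain(text):
    """Return a list of {'keychain', 'class', 'attrs'} dicts, one per item."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("keychain: "):
            current = {"keychain": _decode(line[len("keychain: "):]), "class": None, "attrs": {}}
            records.append(current)
        elif current is None:
            continue
        elif line.startswith("class: "):
            current["class"] = _decode(line[len("class: "):])
        else:
            m = ATTR_RE.match(line)
            if m:
                name = m.group("name") or HEX_ATTR_NAMES.get(m.group("hexid"), m.group("hexid"))
                current["attrs"][name] = _decode(m.group("value"))
    return records


def find_microsoft_auth_items(records):
    """Select items whose label, service, server or account matches MS_PATTERNS."""
    hits = []
    for rec in records:
        a = rec["attrs"]
        fields = [v for v in (a.get("labl"), a.get("svce"), a.get("srvr"), a.get("acct")) if v]
        if any(p.search(f) for p in MS_PATTERNS for f in fields):
            hits.append({
                "class": rec["class"],
                "label": a.get("labl"),
                "service": a.get("svce") or a.get("srvr"),
                "account": a.get("acct"),
                # Assumption: "agrp" (keychain access group) only shows up for
                # data-protection keychain items, so it is usually None here.
                "access_group": a.get("agrp"),
            })
    return hits


if __name__ == "__main__":
    # On a Mac: security dump-keychain ~/Library/Keychains/login.keychain-db | python3 this_script.py
    dump = SAMPLE_DUMP if sys.stdin.isatty() else sys.stdin.read()
    for h in find_microsoft_auth_items(parse_dump_keychain(dump)):
        print(f'{h["class"]}  {h["label"]!r:40}  acct={h["account"]!r}  agrp={h["access_group"]!r}')
```

Run without input to see the constructed sample classified; pipe a real `security dump-keychain` listing into it to inventory a device. The parser deliberately reads only attributes, so nothing it prints is a secret; pulling the actual cached tokens would require `-d`, which prompts for every item.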