Skip to content

Files

Failed to load latest commit information.

Latest commit

 Cannot retrieve latest commit at this time.

History

History
 
 

msal-react-native-android-poc

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

MSAL React Native Proof of Concept (Android)

Note: With this library being a proof of concept, it is not recommended to be used for React Native applications intended for production.

MSAL for React Native is a proof of concept that allows React Native applications to authenticate users with Microsoft work and school accounts (AAD) as well as acquire access tokens from the Microsoft identity platform endpoint in order to access secured web APIs. Currently, this library is only available for the Android platform.

Getting started

Installation

$ npm install @azuread/msal-react-native-android-poc

Register your application in the Azure Portal

Under Authentication -> Platform configurations, click "Add a platform" and select Android. To generate the base64 signature of your application:

  • MacOS: keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64
  • Windows: keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%.android\debug.keystore | openssl sha1 -binary | openssl base64

For more information and help, refer to this MSAL FAQ.

Configuring in app

Follow steps 1 through 3 in the Using MSAL section of MSAL for Android's README with these modifications/reminders:

  • In step 2, please name the config file auth_config_single_account.json and put it in res/raw. You can pretty much copy and paste the MSAL configuration generated for you in Azure Portal and refer to the configuration file documentation.
  • In step 3, remember that for android:path you want to paste the base64 signature hash you generated in the console and not the url encoded version.

Usage

Import MSAL for React Native as MSAL:

import MSAL from '@azuread/msal-react-native-android-poc';

Importing will automatically create a SingleAccountPublicClientApplication with the configurations provided in auth_config_single_account.json. All of the MSAL methods return a promise. You can use MSAL to sign in a user with scopes (a string of scopes separated by " "):

try {
    await MSAL.signIn(scopesValue);
} catch (error) {
    console.log(error);
}

Most of the methods return a map, and in the case of signIn, a map containing the variables of an IAccount object is returned. We can access the username of the currently signed in user and log it to console (for example):

try 
    const account = await MSAL.signIn(scopesValue);
    console.log("Username: " + account.username)
} catch (error) {
    console.log(error);
}

Since a user is now signed in, we can try to acquire an access token silently and make a call to Microsoft Graph API:

try {
    const result = await MSAL.acquireTokenSilent(scopesValue);
    //api call to MSGraph
    const response = await fetch (
        "https://graph.microsoft.com/v1.0/me", {
             method: 'GET',
             headers: {
                Authorization: `Bearer ${result.accessToken}`
             }
        }
    );
    
    ... //do something with response here
    
} catch (error) {
  console.log(error);
}

Please see msal-react-native-android-poc-sample in the sample folder for an example app that demonstrates the MSAL methods.

For a complete listing of each method's return value and map keys, see the Methods(link to Methods) section.

What to expect from this library

Because this library is a proof of concept, it is scoped to specific features and does not implement all the capabilities of an official MSAL for React Native library.

This proof of concept is scoped to consider:

  • Compatibility with the Android platform
  • Authenticating users with work and school Azure AD accounts (AAD)
  • Single-account mode

This proof of concept does not implement:

Methods

This library's methods wrap MSAL for Android's corresponding singleAccountPublicClientApplication methods. All methods return a promise that, in most cases, resolves to a map and returns an exception if rejected. Please see the Microsoft Docs for singleAccountPublicClientApplication for more general information regarding MSAL methods.

Method Description
signIn(String scopesValue) Directs a user to sign in with an AAD account. scopesValue is a String containing scopes separated by spaces (" "). Returns a map with the authority, id, tenantId, username, and idToken of the account. See the Microsoft docs on IAccount for more details of the map's keys.
signOut() Signs out the account currently signed in. If successful, true is returned, and if not, an exception is returned.
getAccount() Retrieves the account currently signed in. If no account is signed in, null is returned. Otherwise, a map is returned with the authority, id, tenantId, username, and idToken of the account. See the Microsoft docs on IAccount for more details of the map's keys.
isSharedDevice() Returns a boolean that corresponds to whether the current device is shared or not.
acquireToken(String scopesValue) Attempts to obtain an access token interactively. scopesValue is a String containing scopes separated by spaces (" "). Returns a map containing accessToken, authenticationScheme, authorizationHeader, expiresOn (string), scope (string), tenantId, and account (map with keys as described in "signIn"). An exception is returned otherwise. See MS docs on IAuthenticationResult for more details.
acquireTokenSilent(String scopesValue) Attempts to obtain a token silently. scopesValue is a String containing scopes separated by spaces (" "). Returns a map containing accessToken, authenticationScheme, authorizationHeader, expiresOn (string), scope (string), tenantId, and account (map with keys as described in "signIn"). An exception is returned otherwise. See MS docs on IAuthenticationResult for more details.