Implementing MSAL + AAD B2C in Xamarin – 6 Tips, Tricks and Facts

Inspired by Steven Thewissen’s excellent MSAL article, I thought I would share what I have learned about MSAL over the 3+ years I have worked with MSAL and Xamarin. If you’re just getting started, be sure to read Steven’s article; he does a great job covering how to use the tools. This article is a collection of my personal learnings and experience using MSAL in my apps.

Without further ado, here are 6 tips/tricks/facts about MSAL, AAD B2C and Xamarin:

  1. TIP: Careful with package upgrades!
    • I cannot emphasize enough how important this is. Check out the older packages in NuGet: the library was in preview for nearly 3 years, and I went through the pain of dealing with API changes and behaviour changes. Read the change log carefully!
  2. FACT: You cannot change the Android webview title from “Sign In” without a custom MSAL build.
  3. TRICK: Use a JWT parser to check your token expiry. If the token is expired, you can proactively refresh it, avoiding a round trip.
  4. TIP: Android devices with older system browsers may have issues loading the sign in webview.
  5. TRICK: Careful with exceptions
  6. TIP: You don’t need your own code to save tokens to secure storage; MSAL does this for you!
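
The expiry check from trick 3, as an added example (not the author's code and not part of MSAL). The names `TokenExpiry`, `NeedsRefresh` and `Skew` are hypothetical, and it assumes the System.Text.Json package is referenced. The token's signature is not verified here, so the result is only good for deciding when to refresh.

```csharp
using System;
using System.Text;
using System.Text.Json; // assumption: System.Text.Json is referenced by the app

// Hypothetical helper (added example): reads the "exp" claim to decide on an early refresh.
// The signature is NOT verified; never use this result for authorization decisions.
public static class TokenExpiry
{
    // Assumed margin that absorbs device clock skew and request latency.
    static readonly TimeSpan Skew = TimeSpan.FromMinutes(5);

    // A token that cannot be parsed is treated as expired, so the caller refreshes.
    public static bool NeedsRefresh(string jwt, DateTimeOffset now) =>
        !TryGetExpiry(jwt, out var expiresOn) || now + Skew >= expiresOn;

    public static bool TryGetExpiry(string jwt, out DateTimeOffset expiresOn)
    {
        expiresOn = default;
        var parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return false; // header.payload.signature
        try
        {
            var json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
            using (var doc = JsonDocument.Parse(json))
            {
                var root = doc.RootElement;
                if (root.ValueKind != JsonValueKind.Object) return false;
                if (!root.TryGetProperty("exp", out var exp)) return false;
                // "exp" is a NumericDate: seconds since the Unix epoch (RFC 7519).
                if (exp.ValueKind != JsonValueKind.Number || !exp.TryGetInt64(out var s)) return false;
                expiresOn = DateTimeOffset.FromUnixTimeSeconds(s);
                return true;
            }
        }
        catch (Exception ex) when (ex is FormatException || ex is JsonException || ex is ArgumentOutOfRangeException)
        {
            return false; // malformed base64url, malformed JSON, or out-of-range timestamp
        }
    }

    static byte[] Base64UrlDecode(string s)
    {
        // JWT segments are base64url without padding; map back to standard base64.
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }
}
```

Call `TokenExpiry.NeedsRefresh(token, DateTimeOffset.UtcNow)` before an API request and request a fresh token when it returns true.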

My Implementation

This is roughly, not exactly, what I have used in my last few projects; I generally use dependency injection and a few other bits. For simplicity’s sake, this is a self-contained sample implementation. I would advise using Lazy<T> for IPublicClientApplication at the very least in a real-life application.

Note: The Secrets class is generated by Dan Siegel’s excellent mobile build tools.

Your thoughts?

Please let me know your thoughts, tweet at me @dylbot9000. Happy to hear good/bad/ugly/criticisms/suggestions.

3 Replies to “Implementing MSAL + AAD B2C in Xamarin – 6 Tips, Tricks and Facts”

  1. Hi, very nice article. I have implemented the B2C login with Xamarin Forms but am facing a problem with the nav bar / toolbar. How can we change the navigation bar / toolbar for B2C login? You have mentioned a custom build; what does that mean? Is there any other way to achieve it? Thanks for the reply.

  2. The perfect article. Very succinct. I believe I’m also joining the bandwagon of people who’d want to get rid of the Black Bar on Android that says Sign In on an Embedded Web View and the Cancel / Done buttons on iOS. The purpose is to give the user a feel that this is part of the same application.
    Could you please guide? Thanks in advance.
