Unable to call broker

[EmilyWen]

Describe the bug
In development app using latest MSAL for Android version is unable to call broker to sign-in.
Followed the doc to use MSAL for the app.

I have already check we are using the latest MSAL version, and the configuration JSON file, package name in their code are all set correctly including the "redirect URI, broker_redirect_uri_registered.
Broker Microsoft Company Portal has already installed and and signed in. The device is compliant.

As I know, MSAL will call broker to sign-in by default.
Any ideas why the app using MSAL is unable to call broker?

Smartphone (please complete the following information):

• Android Version: Android 11
• Browser: Default
• MSAL Version: 2.0.+

To Reproduce
Steps to reproduce the behavior:

If related to user experience, use the format:

1. Open the app and tried to sign-in
2. The app will request the user to download broker even the user has downloaded on the app.

If related to development, please provide relevant configuration details necessary to understand your problem including any relevant traces, logs, or otherwise.

Expected behavior
The app should call broker and sign in by default.

Actual Behavior
The app will request the user to download broker(Microsoft Company portal)even the user has downloaded on the app.

Additional context
Already checked the signature is correctly generated from the key.

Manifest:
`

            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />

            <!--
                Add in your scheme/host from registered redirect URI
                note that the leading "/" is required for android:path
            -->
            <data
                android:host="com.imobilemind.isaicloud"
                android:path="/hfy+7NbfbffwKZ9tqUkBtXgkJcE="
                android:scheme="msauth" />
            
        </intent-filter>`

Configuration file
{ "client_id" : "1540d24d-479b-4edb-9c98-971415582d29", "authorization_user_agent" : "DEFAULT", "redirect_uri" : "msauth://com.imobilemind.isaicloud/hfy%2B7NbfbffwKZ9tqUkBtXgkJcE%3D", "account_mode" : "SINGLE", "broker_redirect_uri_registered": true, "authorities" : [ { "type": "AAD", "default": true, "audience": { "type": "AzureADMyOrg", "tenant_id": "305675df-dc39-4b66-8034-b8e7a8cXXXXXX" } } ] }

[gitaumoses4]

Hello. Thanks for raising this issue.

1. Seems you are using an older version of MSAL. The latest version is 2.0.12

Question:
Is the app installed under the work profile?

[EmilyWen]

Hello,

1. Sorry for the version that is typo in the issue description. I have checked the dependency declare which is 2.0.+.
2. No, it is not installed under work profile.

[ghtaylor]

Hi, we have noticed this same issue with ADAL 1.16.3 on different devices with Android 11 over recent days, and the issue appears to be occurring for some and not others. Could this be related to the recent update of the broker applications?

[ghtaylor]

I have filed an issue against the ADAL library but please check the details of it as if the issue seems identical it would suggest an issue with Company Portal rather than either of the authentication libraries

AzureAD/azure-activedirectory-library-for-android#1612

[EmilyWen]

We test the sample code. When we add the same api permission to the sample app, it also encountered the same issue. (It is to say that the root cause may not be related to their package.)

Since the api permission is another app also registered in AAD and will authnticated with AAD, I am wondering if that resource app need addtional configuration to let the client call borker and get the device info?

[lukeisontheroad]

Can you provide an update to this issue? We are facing this issue on Android 11 devices.

[ghtaylor]

Can you provide an update to this issue? We are facing this on some Android 11 devices.

Hi Luke, I managed to fix this issue last week. I hope this helps you and others.

The issue affects both MSAL and ADAL and is related to changes to Package Visibility with Android 11. You must add the following code to your manifest file. I also found that I needed at least gradle plugin version 3.5.4; we were experiencing build errors with 3.5.3.

<manifest ...>
    ...
    <queries>
        <package android:name="com.azure.authenticator" />
        <package android:name="com.microsoft.windowsintune.companyportal" />
    </queries>
    ...
     <application ...>
    ...
</manifest>

See the below links for extra information:
https://stackoverflow.com/questions/62345805/namenotfoundexception-when-calling-getpackageinfo-on-android-11

https://developer.android.com/about/versions/11/privacy/package-visibility

[lukeisontheroad]

Thanks a lot, this was the problem I was running into.