- Microsoft Wants To Use Your Confidential Information Stored In Microsoft Office Credentials
Tip: If you don't want to reset Keychain and want to stop Safari from looking into the keychain every time you try to log in to a website, you can disable this feature by going to Safari > Preferences > AutoFill and unchecking all the boxes. Safari will then stop prompting you for keychain access. This prevents Safari from using AutoFill when you visit websites that have forms for you to fill in.
"Visual Studio Code wants to use your confidential information stored in vscode.github.login in your keychain."
"Visual Studio Code wants to use your confidential information stored in VS Code Account in your keychain."
Does this issue occur when all extensions are disabled?: Yes.
When the Microsoft Authentication Library for iOS and macOS (MSAL) signs in a user, or refreshes a token, it tries to cache tokens in the keychain. Caching tokens in the keychain allows MSAL to provide silent single sign-on (SSO) between multiple apps that are distributed by the same Apple developer. SSO is achieved via the keychain access groups functionality. For more information, see Apple's Keychain Items documentation.
This article covers how to configure app entitlements so that MSAL can write cached tokens to the iOS and macOS keychain.
Default keychain access group
iOS
MSAL on iOS uses the com.microsoft.adalcache access group by default. This is the shared access group used by both the MSAL and Azure AD Authentication Library (ADAL) SDKs, and it ensures the best single sign-on (SSO) experience between multiple apps from the same publisher.
On iOS, add the com.microsoft.adalcache keychain group to your app's entitlements in Xcode under Project settings > Capabilities > Keychain sharing.
macOS
MSAL on macOS uses the com.microsoft.identity.universalstorage access group by default.
Due to macOS keychain limitations, MSAL's access group doesn't directly translate to the keychain access group attribute (see kSecAttrAccessGroup) on macOS 10.14 and earlier. However, it behaves similarly from an SSO perspective by ensuring that multiple applications distributed by the same Apple developer can have silent SSO.
On macOS 10.15 onwards (macOS Catalina), MSAL uses the keychain access group attribute to achieve silent SSO, similarly to iOS.
Custom keychain access group
If you'd like to use a different keychain access group, you can pass your custom group when creating MSALPublicClientApplicationConfig before creating MSALPublicClientApplication, like this:
Disable keychain sharing
If you don't want to share SSO state between multiple apps, or use any keychain access group, disable keychain sharing by passing the application bundle ID as your keychainGroup:
Handle -34018 error (failed to set item into keychain)
Error -34018 normally means that the keychain hasn't been configured correctly. Ensure the keychain access group that has been configured in MSAL matches the one configured in entitlements.
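One way to run the check described above before shipping a build, as an added example (not code from MSAL or from the original article): it reads an entitlements plist and reports whether the group MSAL is configured with is declared. The function names, the ABCDE12345 team ID and the com.example.* identifiers are hypothetical, and the 10-character team ID prefix format is an assumption of this sketch.

```python
import plistlib
import re

XCODE_PREFIX_VAR = "$(AppIdentifierPrefix)"      # form used in a .entitlements source file
TEAM_ID_PREFIX = re.compile(r"^[A-Z0-9]{10}\.")  # expanded form in a signed app (assumed format)


def declared_groups(entitlements_plist: bytes) -> list:
    """Keychain access groups declared in an entitlements plist, prefix stripped."""
    entries = plistlib.loads(entitlements_plist).get("keychain-access-groups", [])
    groups = []
    for entry in entries:
        if entry.startswith(XCODE_PREFIX_VAR):
            groups.append(entry[len(XCODE_PREFIX_VAR):])
        else:
            groups.append(TEAM_ID_PREFIX.sub("", entry, count=1))
    return groups


def diagnose(entitlements_plist: bytes, msal_group: str) -> tuple:
    """Compare the group MSAL is configured with against the entitlements."""
    groups = declared_groups(entitlements_plist)
    if not groups:
        return ("missing", "no keychain-access-groups entitlement declared")
    if msal_group in groups:
        return ("ok", f"{msal_group} is declared")
    # A near miss is the usual typo case: same name, different case or stray spaces.
    near = [g for g in groups if g.strip().lower() == msal_group.strip().lower()]
    if near:
        return ("mismatch", f"{near[0]!r} differs from {msal_group!r} only by case or whitespace")
    return ("mismatch", f"MSAL uses {msal_group!r}, entitlements declare {groups}")


# Constructed samples (not taken from a real app).
SIGNED_DEFAULT = plistlib.dumps({"keychain-access-groups": ["ABCDE12345.com.microsoft.adalcache"]})
SOURCE_CUSTOM = plistlib.dumps({"keychain-access-groups": ["$(AppIdentifierPrefix)com.example.sso"]})
SOURCE_TYPO = plistlib.dumps({"keychain-access-groups": ["$(AppIdentifierPrefix)com.microsoft.ADALCache"]})
NO_SHARING = plistlib.dumps({"application-identifier": "ABCDE12345.com.example.app"})

if __name__ == "__main__":
    for name, plist in [("signed default", SIGNED_DEFAULT), ("custom group", SOURCE_CUSTOM),
                        ("typo", SOURCE_TYPO), ("no sharing", NO_SHARING)]:
        # Each sample is checked against the iOS default group named in this article.
        print(name, diagnose(plist, "com.microsoft.adalcache"))
```

The input can be the project's .entitlements file or the entitlements plist extracted from the signed app with codesign; a "missing" or "mismatch" result is the misconfiguration this section describes.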
Ensure your application is properly signed
On macOS, applications can execute without being signed by the developer. While most of MSAL's functionality will continue to work, SSO through keychain access requires the application to be signed. If you're experiencing multiple keychain prompts, make sure your application's signature is valid.
Next steps
Learn more about keychain access groups in Apple's Sharing Access to Keychain Items Among a Collection of Apps article.