Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keychain problems with getDeviceInformation and getWPJMetaDataDevice #2393

Open
petarov opened this issue Nov 15, 2024 · 0 comments
Open

Keychain problems with getDeviceInformation and getWPJMetaDataDevice #2393

petarov opened this issue Nov 15, 2024 · 0 comments

Comments

@petarov
Copy link

petarov commented Nov 15, 2024

Hi,

Similar questions seem to have been asked a couple of time already, but I'm stuck and I'd appreciate some help.

I'm new to Entra and I'm working on an app that initiates a WPJ using Authenticator as a broker. My end goal is to fetch the registered Device ID into my app and send it to another 3rd party service. My app has the $(AppIdentifierPrefix)com.microsoft.adalcache keychain entitlement and I'm using the {"access_token":{"deviceid":{"essential":true}}} device claim with the acquireToken call, so that seems to work.

Now I'm trying to use the MSALPublicClientApplication calls getDeviceInformation or getWPJMetaDataDevice to fetch the extraDeviceInformation dictionary and read the Device ID. Unfortunately there are always errors being produced and the dictionary remains empty.

Examples:

self.applicationContext?.getDeviceInformation(with: nil, completionBlock: { (deviceInformation, error) in
    
    guard let deviceInfo = deviceInformation else {
        self.updateLogging(text: "Device info not returned. Error: \(String(describing: error))")
        return
    }
    
    print("*** Reading deviceInformation.extraDeviceInformation")
    
    for (key, value) in deviceInfo.extraDeviceInformation as? [NSString: Any] ?? [:] {
        print("\tKey: \(key), Value: \(value)")
    }
})

Logs:

TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42] Querying device info
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42 - 166EBD2F-E392-46CC-B43F-39DD16CECDF1] [MSAL] GetDeviceInfo: Should call Sso Extension decision: 0
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42 - 166EBD2F-E392-46CC-B43F-39DD16CECDF1] [MSAL] Broker is not present on this device. Defaulting to personal mode
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42 - 166EBD2F-E392-46CC-B43F-39DD16CECDF1] [MSAL] Checking Legacy keychain for registration.
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42] Failed to find workplace join private key with status -34018
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42 - 166EBD2F-E392-46CC-B43F-39DD16CECDF1] [MSAL] Checking keychain for default registration done using ECC key.
*** Reading deviceInformation.extraDeviceInformation
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42] Error Domain=MSIDKeychainErrorDomain Code=-25300 "(null)" UserInfo={MSIDCorrelationIdKey=166EBD2F-E392-46CC-B43F-39DD16CECDF1, MSIDErrorDescriptionKey=Could not get default primary registration tenantId.}
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42] GetDeviceInfo: Completing filling device info: Masked(not-null), error: Masked(null)
TID=486295 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:05:42 - 166EBD2F-E392-46CC-B43F-39DD16CECDF1] [MSAL] Retrieved device info Masked(not-null)

print("*** isCompatibleAADBrokerAvailable = \(self.applicationContext?.isCompatibleAADBrokerAvailable)")
       
self.applicationContext?.getWPJMetaDataDevice(with: nil, forTenantId: "<my-tenant-id>", completionBlock: { (msalWPJMetaData, error) in
    
    guard let data = msalWPJMetaData else {
        self.updateLogging(text: "MSALWPJMetaData info not returned. Error: \(String(describing: error))")
        return
    }
    
    print("*** Reading msalWPJMetaData.extraDeviceInformation")
    
    for (key, value) in data.extraDeviceInformation as? [NSString: Any] ?? [:] {
        print("\tKey: \(key), Value: \(value)")
    }
})

Logs:


*** isCompatibleAADBrokerAvailable = Optional(true)
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] Querying WPJ MetaData for tenantId: Masked(not-null)
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] Checking Legacy keychain for registration.
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17] Failed to find workplace join private key with status -34018
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] Checking keychain for default registration done using RSA key.
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17] Failed to find workplace join private key with status -25300
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] Checking keychain for default registration done using ECC key.
*** Reading msalWPJMetaData.extraDeviceInformation
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17] Failed to find workplace join private key with status -25300
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] Returning RSA private device key from legacy registration..
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] wpjMetaDataDeviceInfo: Completing filling device info for tenant Id: Masked(not-null) Masked(not-null)
TID=488848 MSAL 1.6.1 iOS 18.1 [2024-11-15 12:11:17 - 27F7D0F8-89AC-4F12-9218-C9FCB88EC0CE] [MSAL] Retrieved metadata device info Masked(not-null)

I'm testing with the latest Authenticator app from TestFlight and using Xcode Debug Run on an iPhone device.

What am I missing or doing wrong here?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@petarov