Hello team.
We would like to achieve the "Shared device sign-out support" with Microsoft authenticator app.
We are using "SingleAccountPublicClientApplication" to create the account code detail.
`PublicClientApplication.createSingleAccountPublicClientApplication(applicationContext, file,
new IPublicClientApplication.ISingleAccountApplicationCreatedListener()
{
@OverRide
public void onCreated(ISingleAccountPublicClientApplication application)
{
mSingleAccountApp = (SingleAccountPublicClientApplication) application;
boolean isShared = mSingleAccountApp.isSharedDevice();
file.delete();
loadAccount();
}
@Override
public void onError(MsalException e)
{
}
});`
Till now we are passing the following information in the file:
{"client_id":"proper_client_id","broker_redirect_uri_registered":true,"power_opt_check_for_network_req_enabled":false,"shared_device_mode_supported":true,"power_opt_check_enabled":false,"multiple_clouds_supported":true,"authorization_user_agent":"DEFAULT","redirect_uri":"proper_redirect_uri","account_mode":"SINGLE","authorities":[{"type":"AAD","authority_url":"https://login.microsoftonline.com/common/"}]}
With this device gets registered in the authenticator and generated token send to back end to make the compliant work properly.
Now Customer wants to support Shared device , when they Sign-out , they need to global Sign-out in Microsoft authenticator. We have seen Authenticator app also have an option for that https://learn.microsoft.com/en-us/entra/identity-platform/tutorial-mobile-android-device-shared-mode
https://learn.microsoft.com/en-us/entra/msal/android/shared-devices
We have tried setting this value "shared_device_mode_supported":true while registering the device.
{"client_id":"proper_client_id","broker_redirect_uri_registered":true,"power_opt_check_for_network_req_enabled":false,"shared_device_mode_supported":true,"power_opt_check_enabled":false,"multiple_clouds_supported":true,"authorization_user_agent":"DEFAULT","redirect_uri":"proper_redirect_uri","account_mode":"SINGLE","authorities":[{"type":"AAD","authority_url":"https://login.microsoftonline.com/common/"}]}
With this change also we are able to fetch the token but still Authenticator app is not register as shared device, we are seeing this value is returning as false
` public boolean isSharedDevice()
{
try {
return mSingleAccountApp != null && mSingleAccountApp.isSharedDevice();
}
catch (Exception e) {
}
And also when we try to call Sign-out the expectation is it will get Sign-out from Authenticator app also, Kindly confirm our understanding is correct:
ISingleAccountPublicClientApplication app = PublicClientApplication.createSingleAccountPublicClientApplication(applicationContext, file); signOutCompleted = app.signOut();
We would like to know are we missing something here to achieve the shared device functionality.
Already we are using SingleAccountPublicClientApplication and also "shared_device_mode_supported":true is that not sufficient to register the device as shared device mode? If there is additional steps required Kindly let us know what needs to be done
Hello team.
We would like to achieve the "Shared device sign-out support" with Microsoft authenticator app.
We are using "SingleAccountPublicClientApplication" to create the account code detail.
`PublicClientApplication.createSingleAccountPublicClientApplication(applicationContext, file,
new IPublicClientApplication.ISingleAccountApplicationCreatedListener()
{
@OverRide
public void onCreated(ISingleAccountPublicClientApplication application)
{
mSingleAccountApp = (SingleAccountPublicClientApplication) application;
Till now we are passing the following information in the file:
{"client_id":"proper_client_id","broker_redirect_uri_registered":true,"power_opt_check_for_network_req_enabled":false,"shared_device_mode_supported":true,"power_opt_check_enabled":false,"multiple_clouds_supported":true,"authorization_user_agent":"DEFAULT","redirect_uri":"proper_redirect_uri","account_mode":"SINGLE","authorities":[{"type":"AAD","authority_url":"https://login.microsoftonline.com/common/"}]}
With this device gets registered in the authenticator and generated token send to back end to make the compliant work properly.
Now Customer wants to support Shared device , when they Sign-out , they need to global Sign-out in Microsoft authenticator. We have seen Authenticator app also have an option for that https://learn.microsoft.com/en-us/entra/identity-platform/tutorial-mobile-android-device-shared-mode
https://learn.microsoft.com/en-us/entra/msal/android/shared-devices
We have tried setting this value "shared_device_mode_supported":true while registering the device.
{"client_id":"proper_client_id","broker_redirect_uri_registered":true,"power_opt_check_for_network_req_enabled":false,"shared_device_mode_supported":true,"power_opt_check_enabled":false,"multiple_clouds_supported":true,"authorization_user_agent":"DEFAULT","redirect_uri":"proper_redirect_uri","account_mode":"SINGLE","authorities":[{"type":"AAD","authority_url":"https://login.microsoftonline.com/common/"}]}
With this change also we are able to fetch the token but still Authenticator app is not register as shared device, we are seeing this value is returning as false
` public boolean isSharedDevice()
{
try {
return mSingleAccountApp != null && mSingleAccountApp.isSharedDevice();
}
catch (Exception e) {
}
And also when we try to call Sign-out the expectation is it will get Sign-out from Authenticator app also, Kindly confirm our understanding is correct:
ISingleAccountPublicClientApplication app = PublicClientApplication.createSingleAccountPublicClientApplication(applicationContext, file); signOutCompleted = app.signOut();We would like to know are we missing something here to achieve the shared device functionality.
Already we are using SingleAccountPublicClientApplication and also "shared_device_mode_supported":true is that not sufficient to register the device as shared device mode? If there is additional steps required Kindly let us know what needs to be done