适用于 iOS 的 Microsoft 身份验证库和适用于 macOS 的 Microsoft 身份验证库的差异Microsoft Authentication Library for iOS and macOS differences

本文介绍适用于 iOS 的 Microsoft 身份验证库 (MSAL) 和适用于 macOS 的 Microsoft 身份验证库 (MSAL) 之间的功能差异。This article explains the differences in functionality between the Microsoft Authentication Library (MSAL) for iOS and macOS.

备注

在 Mac 上,MSAL 仅支持 macOS 应用。On the Mac, MSAL only supports macOS apps.

一般差异General differences

适用于 macOS 的 MSAL 是可用于 iOS 的功能的子集。MSAL for macOS is a subset of the functionality available for iOS.

适用于 macOS 的 MSAL 不支持:MSAL for macOS doesn't support:

  • 不同的浏览器类型,例如 ASWebAuthenticationSessionSFAuthenticationSessionSFSafariViewControllerdifferent browser types such as ASWebAuthenticationSession, SFAuthenticationSession, SFSafariViewController.
  • macOS 不支持通过 Microsoft Authenticator 应用进行代理身份验证。brokered authentication through Microsoft Authenticator app is not supported for macOS.

在 macOS 10.14 及更早版本中,同一发布者的应用之间的密钥链共享受到更多限制。Keychain sharing between apps from the same publisher is more limited on macOS 10.14 and earlier. 使用访问控制列表指定应共享密钥链的应用的路径。Use access control lists to specify the paths to the apps that should share the keychain. 用户可能会看到其他密钥链提示。User may see additional keychain prompts.

在 macOS 10.15+ 中,MSAL 的行为在 iOS 和 macOS 之间是相同的。On macOS 10.15+, MSAL's behavior is the same between iOS and macOS. MSAL 使用密钥链访问组进行密钥链共享。MSAL uses keychain access groups for keychain sharing.

项目设置差异Project setup differences

macOSmacOS

  • 在 macOS 上设置项目时,请确保应用程序使用有效的开发或生产证书进行签名。When you set up your project on macOS, ensure that your application is signed with a valid development or production certificate. MSAL 仍在未签名模式下工作,但它在缓存持久性方面的行为会有所不同。MSAL still works in the unsigned mode, but it will behave differently with regards to cache persistence. 应用应仅出于调试目的而未签名运行。The app should only be run unsigned for debugging purposes. 如果分发未签名的应用,它将:If you distribute the app unsigned, it will:
  1. 在 10.14 及更早版本中,MSAL 将在用户每次重启应用时提示用户输入密钥链密码。On 10.14 and earlier, MSAL will prompt the user for a keychain password every time they restart the app.
  2. 在 10.15+ 中,MSAL 将提示用户提供每次令牌获取的凭据。On 10.15+, MSAL will prompt user for credentials for every token acquisition.
  • macOS 应用无需实现 AppDelegate 调用。macOS apps don't need to implement the AppDelegate call.

iOSiOS

  • 还需要执行其他步骤来设置项目以支持身份验证代理流。There are additional steps to set up your project to support authentication broker flow. 本教程介绍了这些步骤。The steps are called out in the tutorial.
  • iOS 项目需要在 info.plist 中注册自定义方案。iOS projects need to register custom schemes in the info.plist. 在 macOS 上这不是必需的。This isn't required on macOS.