We’re announcing that we will be introducing a user experience change to our OAuth 2.0 authorization code flow for native applications starting today. We expect this change to be fully deployed by mid-May.
A native application can obtain an OAuth 2.0 authorization code silently and without user interaction, if the user has already consented to the application.
If your app requests an OAuth 2.0 authorization code through a web-view, there is no change from today.
However, if your app requests an OAuth 2.0 authorization code through a browser or in-app browser tab (such as Chrome custom tabs or ASWebAuthenticationSession), a dialog will be displayed when all the following conditions are met:
- The user is already authenticated in the browser window with their Microsoft account or Azure Active Directory.
- The user has already consented to use your app.
- Your app uses a URI scheme redirect as the return URI for the authorization code request.
Call to action
If your app is affected, ensure that your application’s display name in the Azure portal app registrations blade is accurate and matches your desktop or mobile app’s name.
-The Microsoft Identity Platform Team