chrome-custom-tab on android

[testuser7713]

Hello,

I have one basic question around SSO

On Android, the latest embedded-browser (chrome-custom-tab) when used by any mobile app for completing the authentication with AAD, the cookie can be persistently stored. Am I right ?
So that another mobile app can leverage the authenticated session stored.
I believe the cookie jar used by custom-tab and the system-browser is SAME

There is NO broker (company-portal app or ms-authenticator app) in action.

Thanks.

[negoe]

Custom Tabs share a cookie jar with the default system browser enabling fewer sign-ins with web or other native apps that have integrated with Custom Tabs..
Android applications have the option to use the WebView, system browser, or Chrome Custom Tabs for authentication user experience. If you are not using brokered authentication in your app, you will need to use the system browser rather than the native webview in order to achieve SSO.
You can find more details here https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-android-single-sign-on#sso-through-system-browser

[testuser7713]

Thanks Neha.
Yes, I am not using broker.
native webview is out of question as we know the limitation.

My apps are using system browser, or Chrome Custom Tabs.
UX point of view the latter is better.
However, from tech point both are same. Right ??
Both shares the same cookie jar.

So if a cookie is persisted while authenticating on Chrome Custom Tab can be used by system-browser on next day by some other app on android.

Am I right ?

[negoe]

Correct.