Share via

Is there a common .NET MAUI implementation for AccountManager / AccountAuthenticator?

Mikhail14521 0 Reputation points
2025-12-15T13:24:50.27+00:00

Hello team,

I have a question regarding authentication in .NET MAUI.

On Android there are built‑in classes such as AccountManager and AccountAuthenticatorActivity that allow applications to create accounts, list them in system settings, and obtain tokens. However, when I look at .NET MAUI I cannot find a common implementation or documentation for accessing AccountManager or using an AccountAuthenticator.

I understand that platform‑specific code can be used, but some of the Android classes are marked as deprecated, and I could not find clear guidance or examples on how this should be approached in MAUI. Ideally, I would like to be able to:

Create accounts programmatically and see them listed in the device’s system settings.

Handle cases where a user manually adds an account.

Use AccountManager to obtain tokens for those accounts.

Store tokens securely, respecting their lifetime (similar to cookies), so that after restarting the app the token can be picked up again.

If AccountManager is not recommended, what is the suggested way in .NET MAUI to store and manage tokens safely? For example, when using MSAL with Duende OpenID Connect, tokens need to be persisted and refreshed. I found a basic sample repo here: Duende + MSAL sample — but it does not cover integration with Android’s global account storage or other token storage.

So my main question is: Is there a general .NET MAUI implementation for accessing Android’s AccountManager and AccountAuthenticator, or is the recommended approach to avoid them entirely and rely only on MSAL with SecureStorage?

Thank you very much for your time, and apologies if I missed existing documentation or examples.

Developer technologies | .NET | .NET MAUI
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jack Dang (WICLOUD CORPORATION) 6,125 Reputation points Microsoft External Staff Moderator
    2025-12-16T09:07:18.2066667+00:00

    Hi @Mikhail14521 ,

    Thanks for reaching out!

    You made a good observation: the Duende + MSAL sample focuses on local token storage and doesn’t include integration with Android’s system-wide account storage. In .NET MAUI, that’s actually expected and intentional, and it comes down to how cross-platform development is designed and the security practices recommended by Microsoft.

    For storing tokens and other sensitive information, the recommended approach in MAUI is to use SecureStorage. Each platform handles this securely: on Android it uses the Keystore, on iOS the Keychain, and on Windows the Credential Locker. The official Microsoft documentation explains that SecureStorage is the right way to persist sensitive key/value pairs in a secure manner. You can see the details here:

    https://learn.microsoft.com/en-us/dotnet/api/microsoft.maui.storage.securestorage?view=net-maui-9.0

    So rather than trying to integrate with Android’s global account storage (which is Android-only and relies on some deprecated APIs), using SecureStorage gives you a cross-platform, maintainable, and secure solution. It also allows your tokens to survive app restarts, and combined with MSAL.NET or Duende OpenID Connect, you get automatic token refresh and lifetime management. In fact, while it might feel like using system-wide accounts would be more robust, in practice SecureStorage combined with MSAL/Duende provides secure token persistence and automatic refresh for all typical scenarios, and is considered the standard approach for MAUI apps. MSAL.NET is fully supported in MAUI and works on both Android and iOS, which makes it the standard library for handling authentication tokens in mobile apps. The official docs say:

    https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/mobile-applications

    “MSAL.NET can run on mobile devices (both iOS and Android) through applications built with .NET MAUI.”

    In addition, MAUI documentation recommends using modern web-based authentication flows rather than older mobile-only approaches, which would include relying on Android’s AccountManager. The WebAuthenticator guidance notes:

    https://learn.microsoft.com/en-us/dotnet/maui/platform-integration/communication/authentication

    “…we strongly recommend against using older mobile-only authentication libraries and patterns which do not leverage a web backend in the authentication flow, due to their inherent lack of security…”

    One reason for this is that MAUI is designed to be cross-platform. If you tied your authentication logic to Android’s system-wide accounts, you would need to write and maintain separate implementations for iOS (Keychain) and Windows (Credential Locker). That’s a lot more work and introduces potential security and maintenance issues. Using SecureStorage and MSAL or Duende gives you a consistent, secure approach on all platforms without having to manage multiple account stores.

    That said, if your app truly requires integration with Android’s system accounts, it is technically possible to do so using platform-specific code via DependencyService or partial classes in MAUI. But this is optional, Android-only, and generally not needed for most apps. That’s why the Duende + MSAL sample doesn’t cover it.

    So in short, while it might feel limiting that MAUI doesn’t provide direct integration with Android’s global account storage, the current recommended approach is to use MSAL.NET or Duende OpenID Connect together with SecureStorage. This ensures tokens are stored securely, survive app restarts, can be refreshed automatically, and work consistently across all platforms.

    Hope this helps! If my answer was helpful - kindly follow the instructions here so others with the same problem can benefit as well.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.