Share via

Support Custom HTTP Client (Proxy) in MSAL Android for P2P Bootstrap Connectivity

Remo Grado | RIWO 0 Reputation points
2025-07-07T07:47:44.2933333+00:00

I'm developing an Android app that uses the Wi‑Fi Bootstrap API to establish a persistent peer-to-peer (P2P) connection to a specific device. This connection is essential to the app's functionality, but the API explicitly does not provide internet access. As a result, when connected to the P2P network, MSAL fails to refresh access tokens because it cannot reach the required endpoints.

We cannot use the Wi‑Fi Suggestion API because it doesn’t guarantee a direct connection. The only viable solution is to route MSAL network traffic through a proxy running on the connected device.

Currently, the MSAL Android library appears to ignore the system or default proxy settings, which prevents us from routing requests through this proxy.

What I’m requesting is either:

  1. MSAL Android should respect the system proxy settings used by the HttpURLConnection or HttpClient it internally uses.
  2. Or, provide a supported way to configure proxy usage for internal MSAL network traffic—without needing to inject a fully custom HttpClient.

I’m aware that .NET MSAL allows proxy configuration through a custom HTTP client, but Android developers currently have no reliable mechanism to achieve the same outcome.

Workarounds I’ve tried:

  1. Using URL.setURLStreamHandlerFactory() to intercept and forward requests through the proxy — this is fragile and unsafe in apps using multiple libraries.
  2. Attempting to override SSLSocketFactory via reflection — also unsuccessful and risky.
  3. I also tried setting system properties for proxies, but MSAL still bypasses them.

This limitation effectively blocks MSAL use in apps that rely on Wi‑Fi P2P without external internet.

Questions:

  1. Can MSAL Android be updated to respect system-wide proxy settings?
  2. If not, is there any supported or recommended approach to route MSAL token requests through a local proxy?
  3. Is there any plan to support proxy configuration in the MSAL Android SDK?

This feature would greatly improve MSAL's support for constrained networking environments like IoT and local-only mesh networks.

Below are the Github issues ive created which haven't gotten a single response from the developers.

  1. https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/2297
  2. https://github.com/AzureAD/microsoft-authentication-library-common-for-android/pull/2650
  3. https://github.com/AzureAD/microsoft-authentication-library-common-for-android/issues/2661

If i should ask this question somewhere else please let me know where since i have no clue where i can ask for features like this and get some actual feedback

Developer technologies | ASP.NET | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raymond Huynh (WICLOUD CORPORATION) 715 Reputation points Microsoft External Staff
    2025-08-13T08:21:02.41+00:00

    Hi Remo Grado | RIWO,

    Thank you for your detailed inquiry regarding proxy support in MSAL Android. I've reviewed your GitHub issues (#2297, #2650, and #2661) and this thread, and I can provide answers to your three key questions based on the current state of the MSAL Android library.

    Direct Answers to Your Questions

    1. Can MSAL Android be updated to respect system-wide proxy settings?

    Currently, MSAL Android does not respect system-wide proxy settings. The library's underlying HTTP client doesn't automatically inherit Android's OS-level proxy configurations. This is a limitation when compared to MSAL .NET which does honor system proxy settings. Your GitHub issues have clearly documented this gap.

    2. Is there any supported or recommended approach to route MSAL token requests through a local proxy?

    Unfortunately, there is no officially supported method for configuring proxy settings in MSAL Android at this time. The library doesn't expose a public API for custom HTTP client configuration or proxy settings. While some developers have experimented with workarounds (like reflection-based approaches), these are unsupported and could break with future library updates. Your technical analysis in the GitHub issues demonstrates the complexity of implementing this without official SDK support.

    3. Is there any plan to support proxy configuration in the MSAL Android SDK?

    While your GitHub issues remain open and document the technical need well, there's no publicly available timeline for this feature implementation. The issues serve as valuable documentation for the community and Microsoft's engineering teams.

    Alternative Approaches to Get Attention

    Since your GitHub issues have been comprehensive and well-documented, you might consider these additional channels to highlight this requirement:

    Microsoft Enterprise Support

    • If your organization has a Microsoft support contract, create a formal support ticket
    • Enterprise customers often get more direct engineering attention for feature requests
    • Include business impact details and affected user counts

    LinkedIn/Twitter Engagement

    • Reach out to Microsoft Identity team members on professional networks
    • Sometimes direct engagement gets issues noticed more quickly

    Current Workaround Documentation

    Your detailed technical analysis across the three GitHub issues provides excellent documentation for the community. Consider also:

    • Creating a comprehensive blog post or documentation about the limitation
    • Sharing your findings in Android development communities
    • Contributing to Stack Overflow discussions on this topic

    Your thorough documentation of this issue has been valuable for the community, and exploring these additional channels might help get the visibility this legitimate requirement deserves.

    Hope this helps!

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.