microsoft-authentication-library-for-dotnet: Silent authentication call results in unexpected network call

Which Version of MSAL are you using? MSAL.NET 3.0.8

Platform net45

What authentication flow has the issue?

  • Desktop / Mobile
    • Silent

Is this a new or existing app? This is a new app or experiment.

Repro Please see the following command line app which is a simplified model of how we are using MSAL: https://gist.github.com/mjcheetham/d3faa36325beef54527a5434e6445ddb

The specific offending code is line 80:

app.AcquireTokenSilent(Scopes, account).ExecuteAsync()

Running the application once will perform an interactive authentication and store the AT/RT in a cache at %UserProfile%\.gettoken\msal.cache (using MSAL’s cache extensibility APIs).

Running the application a second time will perform a silent authentication for the same user as previous.

Expected behavior No web call is performed (unless the access token has expired).

Actual behavior An instance discovery web call is made.

Possible Solution Unknown.

Additional context / Logs / Screenshots Fiddler shows the following request: [image]

…with the following response: [image]

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 17 (10 by maintainers)

Most upvoted comments

@stevehurcombe, I’ve added the scenarios for mobile as well.

So to confirm, this won’t work for the Azure B2C case because the authority host is something like this: {tenantName}.b2clogin.com?

If so, then I take it there would have to be a code adjustment to support the vast array of URLs rather than just the provided list from this comment: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1174#issuecomment-509664673