How to call AcquireTokenInteractively synchronously?

[ccarpediem]

Logs and network traces This issue originated with an issue upgrading our application from Microsoft.Data.SqlClient 2.1.3 to version 3.0. That issue is here https://github.com/dotnet/SqlClient/issues/1209. After the SqlClient team reviewed the issue, they validated the issue and suggested it seems to originate with MSAL and suggested I should open a ticket here to engage the MSAL team about the issue.

Below is a simple sample application showing the issue, but at the above issue opened on SqlClient team, they actually showed additional method directly calling MSAL components (without SqlClient) in which they were able to reproduce the issue. Using the simple sample app I found: • If you set the project to be a console app all works as expected with Managed Identity • If you set the project to be a WinForm app running the exact same code, it will experience the "freeze" • If you update the WinForm code to use "con.OpenAsync().Wait();" instead of "con.Open();" again all works without the freeze

These logs are from event listener showing the activity that occurs via both the synchronous Open() method as well as the asynchronous OpenAsync() method. It at least can show at what point things seem to "freeze" within the process. OpenAsync_Log.txt Open_Log.txt

From what I'm seeing, it appears to be some threading issue.

Which version of MSAL.NET are you using? "Azure.Core" version="1.6.0" targetFramework="net472" "Azure.Identity" version="1.3.0" targetFramework="net472" "Microsoft.Bcl.AsyncInterfaces" version="1.0.0" targetFramework="net472" "Microsoft.Data.SqlClient" version="3.0.0" targetFramework="net472" "Microsoft.Data.SqlClient.SNI" version="3.0.0" targetFramework="net472" "Microsoft.Identity.Client" version="4.22.0" targetFramework="net472" "Microsoft.Identity.Client.Extensions.Msal" version="2.16.5" targetFramework="net472" "Microsoft.IdentityModel.JsonWebTokens" version="6.8.0" targetFramework="net472" "Microsoft.IdentityModel.Logging" version="6.8.0" targetFramework="net472" "Microsoft.IdentityModel.Protocols" version="6.8.0" targetFramework="net472" "Microsoft.IdentityModel.Protocols.OpenIdConnect" version="6.8.0" targetFramework="net472" "Microsoft.IdentityModel.Tokens" version="6.8.0" targetFramework="net472"

Platform .NETFramework 4.7.2

What authentication flow has the issue? Azure Managed Identity to connect from an Azure VM to Azure SQL Managed Instance

Is this a new or existing app? a. The app is in production, and I have upgraded to a new version of MSAL.

Repro WindowsFormsApp4.zip

Expected behavior You should be able to authenticate successfully using Azure Managed Identity using synchronous methods

Actual behavior The application seems to freeze indefinitely and the only way to stop it is kill the process.

Possible solution

Additional context / logs / screenshots

[bgavrilMS]

I don't think this is an actionalble issue for MSAL @ccarpediem . We'd need a repro using MSAL APIs - have a look at AcquireTokenInteractive. I can't even get the code you send to run, it fails with some missing dll exception.

Please note:

• All of MSALs APIs are async because they rely on async operations such as HTTP calls. We do not offer sync APIs. I recommend you refactor your app to use async.
• C# offers several mechanisms for transforming an async operation in to a syncronous one. This is quite complicated and depends on the app itself. I'm pretty sure that in .NET Forms, if you call .Wait() or .Result on the UI thread, you'll deadlock, which is the case here.

Please have a read here: https://medium.com/rubrikkgroup/understanding-async-avoiding-deadlocks-e41f8f2c6f5d

[bgavrilMS]

By the way - MSAL does not integrate with Azure Managed Identity, only Azure SDK does.

[ccarpediem]

OK, thanks I'll revert with the SqlClient team with this info

[ccarpediem]

Actually attached is a much simpler sample only using Microsoft.Identity.Client. This bypasses all the complexity around Azure Managed Identity, SqlClient/etc and still reproduces the issue.

In case for some reason it still won't compile below is the entire app. Run the below inside a WinForms app and it freezes. Run as a console application all works. Also, I see this issue is closed. Should I open a new issue with this simpler code showing the issue?

using System; using System.Threading; using System.Threading.Tasks; using System.Windows.Forms; using Microsoft.Identity.Client;

namespace IdentityTest { public partial class Form1 : Form { public Form1() { InitializeComponent(); }

    private void button1_Click(object sender, EventArgs e)
    {
        var appId = "02aadd77-25eb-4f8a-a7ce-a9a41b03b32d"; // use anything here.
        var authority = "https://login.windows.net/<YourTenantIDHere>/";
        var redirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient";
        CancellationTokenSource ctsInteractive = new CancellationTokenSource();
        ctsInteractive.CancelAfter(180000);
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(appId)
            .WithAuthority(authority)
            .WithRedirectUri(redirectUri)
            .Build();
        run().Wait();
        async Task run() => await app.AcquireTokenInteractive(new string[] { "https://database.windows.net//.default" })
            .WithLoginHint("")
            .WithCorrelationId(Guid.NewGuid())
            .ExecuteAsync(ctsInteractive.Token);
        textBox1.Text = "Token acquired!";
    }
}

}

IdentityTest.zip

[bgavrilMS]

You cannot call .Wait() on the UI thread, it will deadlock.

The following works fine for me:

private void button1_Click(object sender, EventArgs e)
{
      var pca = PublicClientApplicationBuilder.Create("655015be-5021-4afc-a683-a4223eb5d0e5").WithRedirectUri("http://localhost").Build(); 
      var result = Task.Run(async () => await pca.AcquireTokenInteractive(new[] { "User.Read" }).ExecuteAsync()).GetAwaiter().GetResult();
}

[ccarpediem]

@bgavrilMS, thanks you! It looks like you are right and I've been able to find a change in the internal SqlClient code that does change the way some AquireTokenAsync is called which seems to be the root cause. So it doesn't seem to originate in this project. Thanks for you time!