AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

[Bug] MSAL Not Falling Back to Browser on WAM-Unsupported Machines #4333

Open msft-robertxu opened 1 year ago

msft-robertxu commented 1 year ago

Library version used

4.51.0

.NET version

.NET 6.0

Scenario

PublicClient - desktop app

Is this a new or an existing app?

The app is in production, and I have upgraded to a new version of MSAL

Issue description and reproduction steps

When running on Windows Server 2016, which is not supported by WAM, calling AcquireTokenSilent still triggers WAM, which returns failed_to_acquire_token_silently_from_broker. Then, since the error is a MsalUiRequiredException, we have logic to retry interactively, which works as normal/expected.

Is there a way for MSAL to automatically not try to use WAM since it is not supported and still be able to silently log in?

Here are logs: https://microsoft-my.sharepoint.com/:u:/p/robertxu/EXMaJA6TFPpIuLbfOt1TghEBopuU98lGuYKePaq-L1AAtg?e=oCVhFu

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

bgavrilMS commented 1 year ago

Possible duplicate of https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4209

msft-robertxu commented 1 year ago

In the linked bug above, I tried to use the workaround of IsBrokerAvailable(); however, since our product is using .NET Framework, I had to bring in Microsoft.Identity.Client.Desktop to use WithDesktopFeatures(), otherwise IsBrokerAvailable() kept returning false.

We are also running into some build issues separately with Microsoft.Identity.Client.Desktop - is there any other way to verify if the broker is available?