AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

Configuring ConfidentialClientApplication via `.WithTenantIdFromAuthority` and a dStS authority fails with error #4927

Closed christothes closed 1 month ago

christothes commented 1 month ago

Building a confidential client using a dsts authority and calling ExecuteAsync fails with an error:

"A authority of type Dsts was used at the application and of type Aad at the request level. Please use the same authority type between the two."

An example configuration is below:

```csharp
builder.WithTenantIdFromAuthority(
    new Uri("https://usnorth-passive-dsts.dsts.core.windows.net/dstsv2/<some tenantId>"));
```

Prior to it being deprecated, this used to work via the following API:

```csharp
builder.WithAuthority(AuthorityHost.AbsoluteUri, tenantId)
```

bgavrilMS commented 1 month ago

Hi @neha-bhargava - can you please have a look at this, as this is blocking partners from upgrading to a safe version of Az SDK?

neha-bhargava commented 1 month ago

Sure, taking a look.

bgavrilMS commented 1 month ago

Here's a repro

```csharp
[TestMethod]
public async Task TestAsync()
{
    string AuthorityHost = "https://usnorth-passive-dsts.dsts.core.windows.net/dstsv2/";
    string tenantId = "tenant";

    UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
    {
        Path = tenantId
    };

    var app = ConfidentialClientApplicationBuilder
        .Create(TestConstants.ClientId)
        .WithAuthority(AuthorityHost, tenantId)
        .WithClientSecret("secret")
        .Build();

    AuthenticationResult res = await app
        .AcquireTokenForClient(TestConstants.s_scope)
        .WithTenantIdFromAuthority(uriBuilder.Uri)
        .ExecuteAsync()
        .ConfigureAwait(false);
}
```