AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License

[Question] Is login_hint optional claim flow supported similar to msal.js? #775

Closed tclausing closed 5 months ago

tclausing commented 6 months ago

Goal: silently acquire a token using the login_hint optional claim pattern as documented in msal.js here.

acquireTokenSilently looked encouraging but per javadoc it's only a cache fetch/refresh, and SilentParameters doesn't accept a loginHint. AuthorizationRequestUrlParameters and InteractiveRequestParameters do but they don't seem to apply to a "silent" flow in the server-side sense (without a redirect/popup).

Is the login_hint optional claim pattern possible as a "silent" server-side-only solution (or a possible enhancement) with msal4j?

Avery-Dunn commented 6 months ago

Hello @tclausing: In MSAL Java, login hint is not supported for the silent flow; it only allows the Account object commonly returned in the AuthenticationResult.

However, some other MSALs allow login hints to be passed in so we'll discuss adding it and I'll update this thread once I have more info. In the meantime, as a workaround you could use the getAccounts API to get the list of cached accounts, sort through them based on the account's username, and then pass in the correct account to the silent flow:

import java.util.Set;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.SilentParameters;

//assuming you have a public client app named 'app' that you've been getting tokens with
Set<IAccount> accountsInCache = app.getAccounts().join();

//In a public client scenario each session should have a small number of accounts, so this will be a quick search
//(a for-each loop is used here: calling accountsInCache.iterator() on every pass would create a fresh iterator each time and never advance)
IAccount account = null;
for (IAccount candidate : accountsInCache) {
  if (candidate.username().equals(someLoginHint)) {
    account = candidate;
    //anything else you want to do with the account, then stop searching
    break;
  }
}

//account stays null if no cached account matched the hint; the silent flow needs a real account, so handle that case before calling it
SilentParameters silentParameters = SilentParameters.builder(someScopes, account).build();
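A fuller version of that workaround, as an added example that is not msal4j's code nor the commenter's: it resolves the hint against the cache, returns empty instead of guessing when nothing is cached or the refresh fails, and builds the authorization-URL fallback that does accept a login hint. The class name `LoginHintSilentFlow` and the `app`, `scopes` and `redirectUri` arguments are assumptions supplied by the caller.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CompletionException;
import com.microsoft.aad.msal4j.AuthorizationRequestUrlParameters;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.SilentParameters;

public final class LoginHintSilentFlow { // hypothetical helper, not part of msal4j
    // Resolve a login_hint to a cached account. The hint is untrusted input: it only
    // selects among accounts that already signed in through this app, and is matched
    // as a whole username (case-insensitively, as UPNs are), never as a prefix.
    static Optional<IAccount> findCachedAccount(PublicClientApplication app, String loginHint) {
        if (loginHint == null || loginHint.isEmpty()) {
            return Optional.empty();
        }
        Set<IAccount> accounts = app.getAccounts().join();
        return accounts.stream()
                .filter(a -> a.username() != null && a.username().equalsIgnoreCase(loginHint))
                .findFirst();
    }

    // Silent acquisition for the hinted user. Empty means "no cached account for this
    // hint" or "cache/refresh failed" (e.g. revoked refresh token); either way the
    // caller must fall back to an interactive sign-in rather than pick another account.
    static Optional<IAuthenticationResult> acquireSilently(PublicClientApplication app, Set<String> scopes, String loginHint) {
        Optional<IAccount> account = findCachedAccount(app, loginHint);
        if (!account.isPresent()) {
            return Optional.empty();
        }
        try {
            SilentParameters params = SilentParameters.builder(scopes, account.get()).build();
            return Optional.of(app.acquireTokenSilently(params).join());
        } catch (MalformedURLException | CompletionException e) {
            return Optional.empty(); // CompletionException wraps the MsalException from the refresh attempt
        }
    }

    // Fallback for a server-side app: build the authorization URL carrying the hint
    // (AuthorizationRequestUrlParameters accepts loginHint) and redirect the browser to it.
    static URL interactiveFallbackUrl(PublicClientApplication app, Set<String> scopes, String redirectUri, String loginHint) {
        AuthorizationRequestUrlParameters params = AuthorizationRequestUrlParameters
                .builder(redirectUri, scopes).loginHint(loginHint).build();
        return app.getAuthorizationRequestUrl(params);
    }
}
```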