Closed tclausing closed 5 months ago
Hello @tclausing: In MSAL Java, login hint is not supported for the silent flow; it only allows the Account object commonly returned in the AuthenticationResult.
However, some other MSALs allow login hints to be passed in so we'll discuss adding it and I'll update this thread once I have more info. In the meantime, as a workaround you could use the getAccounts API to get the list of cached accounts, sort through them based on the account's username, and then pass in the correct account to the silent flow:
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.SilentParameters;
import java.util.Set;

//assuming you have a public client app named 'app' that you've been getting tokens with
Set<IAccount> accountsInCache = app.getAccounts().join();
//In a public client scenario each session should have a small number of accounts, so this will be a quick search
IAccount account = null;
for (IAccount cached : accountsInCache) {
    if (cached.username().equals(someLoginHint)) {
        //break loop and anything else you want to do with the account
        account = cached;
        break;
    }
}
//account is still null here if no cached username matched; check for that before building SilentParameters
SilentParameters silentParameters = SilentParameters.builder(someScopes, account).build();
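A fuller version of the workaround described above, added here as an example and not part of the original reply or of msal4j itself: it resolves the login hint to exactly one cached account and refuses to fall back to a different account when nothing matches. The class and method names are hypothetical, and the case-insensitive username comparison is an assumption.

```java
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.IPublicClientApplication;
import com.microsoft.aad.msal4j.SilentParameters;

import java.net.MalformedURLException;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical helper (not part of msal4j): silent token acquisition keyed by a login hint. */
public final class LoginHintSilentFlow {

    /** Returns the single cached account whose username matches the hint; fails closed otherwise. */
    static IAccount resolveAccount(Set<IAccount> cached, String loginHint) {
        if (loginHint == null || loginHint.trim().isEmpty()) {
            throw new IllegalArgumentException("login hint is required");
        }
        String wanted = loginHint.trim();
        // Assumption: usernames are compared case-insensitively.
        List<IAccount> matches = cached.stream()
                .filter(a -> a.username() != null && a.username().equalsIgnoreCase(wanted))
                .collect(Collectors.toList());
        if (matches.isEmpty()) {
            // Never fall back to "the first cached account": that would hand back a token for a different user.
            throw new IllegalStateException("no cached account for hint; an interactive sign-in is needed");
        }
        if (matches.size() > 1) {
            // The same username is cached more than once: refuse to guess.
            throw new IllegalStateException("login hint is ambiguous: " + matches.size() + " cached accounts");
        }
        return matches.get(0);
    }

    /** Looks up the account for the hint in the app's token cache, then runs the silent flow for it. */
    static IAuthenticationResult acquireForHint(IPublicClientApplication app, Set<String> scopes, String loginHint)
            throws MalformedURLException {
        IAccount account = resolveAccount(app.getAccounts().join(), loginHint);
        SilentParameters parameters = SilentParameters.builder(scopes, account).build();
        IAuthenticationResult result = app.acquireTokenSilently(parameters).join();
        // Defence in depth: confirm the token really belongs to the account we selected.
        if (!account.homeAccountId().equals(result.account().homeAccountId())) {
            throw new IllegalStateException("token was issued for a different account than requested");
        }
        return result;
    }
}
```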
Goal: silently acquire a token using the login_hint optional claim pattern as documented in msal.js here. acquireTokenSilently looked encouraging but per javadoc it's only a cache fetch/refresh, and SilentParameters doesn't accept a loginHint. AuthorizationRequestUrlParameters and InteractiveRequestParameters do but they don't seem to apply to a "silent" flow in the server-side sense (without a redirect/popup).

Is the login_hint optional claim pattern possible as a "silent" server-side-only solution (or a possible enhancement) with msal4j?