Open q-benwillis opened 1 week ago
Hello @q-benwillis, could you clarify a few things:
acquireTokenSilently(SilentParameters)
API? If so, are you passing in the account object you got in the result of the original acquireToken(OnBehalfOfParameters)
, and does that account object have a value for homeAccountId
?
The line in TokenCache
that you linked is where the homeAccountId value is potentially set in the cache, but it's here where the null is being found and failing: https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/081341c8d0afe8ca5d024f60047d45c5f440a5c7/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java#L480C37-L480C57
However, for that to fail it means it's being passed a non-null Account object that has a null homeAccountId field. But homeAccountId is essentially the tenant ID plus the account ID in that tenant, and I can't imagine a scenario where that would be null.
Hi, thanks for taking a look at this
Are you explicitly calling the acquireTokenSilently(SilentParameters) API? If so, are you passing in the account object you got in the result of the original acquireToken(OnBehalfOfParameters), and does that account object have a value for homeAccountId?
Yes I am explicitly calling acquireTokenSilently(SilentParameters)
and passing in the account object I received from a previous call. I've used the debugger to validate that the account definitely does have a homeAccountId
so you could try simply calling acquireToken(OnBehalfOfParameters) twice and seeing if you get the same error (and if not, confirm you get the same token)
I didn't think I could call acquireToken(OnBehalfOfParameters)
because the user assertion I was using would have expired and I want to use the refresh token which I believe is stored in the cache?
When you say it's working in "some of my test scenarios", does that mean in some test scenarios it is failing just like in the deployed version? And in the deployed version is it also only failing in some scenarios or all of them?
Apologies this was a little vague. If I just call acquireToken(OnBehalfOfParameters)
and then call acquireTokenSilently(SilentParameters)
with the account I can get a token succesfully.
However if I call acquireToken(OnBehalfOfParameters)
, then acquireToken(ClientCredentialParameters)
and then acquireTokenSilently(SilentParameters)
using the account from the first OBO response I get the NPE.
Library version used
1.15.1
Java version
openjdk version "17.0.11" 2024-04-16 LTS
Scenario
ConfidentialClient - web api (AcquireTokenOnBehalfOf)
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
Seeing the following NPE when attempting to acquire a token silently:
I've acquired an Authentication Result using the
OnBehalfOfParameters
and am now trying to get a token silently using the account from the first Authentication Result.I've seen this working in some of my test scenarios but in the deployed version of my application I get this warning and null pointer exception.
Relevant code snippets
No response
Expected behavior
Retrieve token silently using account
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
I feel like here we could just check that
homeAccountId
isn'tnull
for each access token?I think it's because I have previously requested an app token which is stored in the same cache, I could also perhaps use two different confidential clients.