Microsoft-authentication-library-for-dotnet: [Bug] GetAccountAsync and GetAccountsAsync do not return any accounts for Microsoft Azure Government account on Xamarin.Android

Created on 8 Jan 2021 · 3 Comments · Source: AzureAD/microsoft-authentication-library-for-dotnet

Logs and Network traces
This issue happens with or without broker. Captured logs for a session with broker were sent with Incident ID E8E523P5.

Which version of MSAL are you using?
MSAL 4.23.0, MSAL 4.24.0

Platform
Xamarin Android (accounts do get returned for Xamarin iOS so it seems to be isolated to Android)

What authentication flow has the issue?

  • Desktop / Mobile

    • [X] Interactive

    • [ ] Integrated Windows Auth

    • [ ] Username Password

    • [ ] Device code flow (browserless)

  • Web App

    • [ ] Authorization code

    • [ ] OBO

  • Daemon App

    • [ ] Service to Service calls

Other? - please describe;

Is this a new or existing app?
This is an existing app, but we are currently working on adding support for Microsoft Azure Government accounts.

Repro
Code to initialize the ClientApplication

var applicationOptions = new PublicClientApplicationOptions
{
    AadAuthorityAudience = AadAuthorityAudience.AzureAdMultipleOrgs,
    ClientId = "client_id",
    RedirectUri = redirectUri,
};
var applicationBuilder = PublicClientApplicationBuilder
    .CreateWithApplicationOptions(applicationOptions)
    .WithParentActivityOrWindow(this);

ClientApplication = applicationBuilder
    .WithBroker(true)
    .WithAuthority("https://login.microsoftonline.us", "organizations")
    .Build();

Code to acquire token interactively

return await ClientApplication
    .AcquireTokenInteractive(scopes)
    .WithAuthority("https://login.microsoftonline.us", tenantId)
    .WithUseEmbeddedWebView(true)
    .ExecuteAsync();

Code to get account:

return await ClientApplication
    .GetAccountAsync(accountIdentifier)
    .ConfigureAwait(false);

Expected behavior
When doing a silent sign in at app launch, we attempt to get the account object from the MSAL cache for the saved (in our app's user settings) account identifier. GetAccountAsync should return the account since the user has already obtained a token for that account.

Actual behavior
Both GetAccountAsync and GetAccountsAsync do not return any account.

Possible Solution
No suggestions, as it works for Xamarin iOS.

android-broker bug Mobile-Android

All 3 comments

@bemartin you confirm that this is the same without broker?

Yes, I am observing the same behavior with or without broker

The issue suddenly went away. I suspect that some bug in my code was getting the cache in a state where it was not finding accounts for the US Gov cloud, since I was making lots of changes to allow switching between Public and US Gov clouds.
I apologize for the false bug report. I will re-open it if I ever figure out why this was happening and can have a repro that would warrant some type of change on the MSAL side.
