AcquireTokenSilentAsync returns "Authority passed to silent parameters does not match with the cloud associated to the account."

I have a working app with a b2c configuration. Up until now I used the legacy b2c policy / authority URLs: e.g. https://login.microsoftonline.com/tfp/<my-tenant>/B2C_1_SignUpPolicy.

Today I tried to change them to the new URL style: e.g. https://whatever.b2clogin.com/tfp/<my-tenant>/B2C_1_SignUpPolicy/

And suddenly I get the mentioned error from above when calling acquireTokenSilentAsync. I also compared with the sample app (https://github.com/Azure-Samples/ms-identity-android-java/) and couldn’t find a real difference.

I also started investigating myself and dug quite deep and found the exception is thrown here:

public class AcquireTokenSilentOperationParameters extends OperationParameters {
//.... what ever
    @Override
    public void validate() throws ArgumentException {
        super.validate();

        if (mAccount == null) {
            Logger.warn(TAG, "The account set on silent operation parameters is NULL.");
        } else if (!authorityMatchesAccountEnvironment()) {
            throw new ArgumentException(
                    ArgumentException.ACQUIRE_TOKEN_SILENT_OPERATION_NAME,
                    ArgumentException.AUTHORITY_ARGUMENT_NAME,
                    "Authority passed to silent parameters does not match with the cloud associated to the account."
            );
        }
    }

    private boolean authorityMatchesAccountEnvironment() {
        final String methodName = ":authorityMatchesAccountEnvironment";
        try {
            if (!AzureActiveDirectory.isInitialized()) {
                performCloudDiscovery();
            }
            final AzureActiveDirectoryCloud cloud = AzureActiveDirectory.getAzureActiveDirectoryCloudFromHostName(mAccount.getEnvironment());
            return cloud != null && cloud.getPreferredNetworkHostName().equals(getAuthority().getAuthorityURL().getAuthority());
        } catch (IOException e) {
            Logger.error(
                    TAG + methodName,
                    "Unable to perform cloud discovery",
                    e);
            return false;
        }
    }
}

I debugged into the method final AzureActiveDirectoryCloud cloud = AzureActiveDirectory.getAzureActiveDirectoryCloudFromHostName(mAccount.getEnvironment()); which returns null, because it contains only the following hosts: [image]

My host (whatever.b2clogin.com) obviously doesn’t match there and therefore null is returned.

However I cannot believe that such a bug exists in this library. So I assume I configured something wrong. However I just can’t point my finger on what it could be.

Here is my configuration:

{
  "client_id": "whatever",
  "redirect_uri": "msalbwhatever://auth",
  "broker_redirect_uri_registered": false,
  "authorities": [
    {
      "type": "B2C",
      "authority_url": "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_SignInSignUpPolicy/",
      "default": true
    },
    {
      "type": "B2C",
      "authority_url": "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_SignUpPolicy/"
    },
    {
      "type": "B2C",
      "authority_url": "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_ResetPasswordPolicy/"
    }
  ],
  "account_mode": "MULTIPLE",
  "logging": {
    "pii_enabled": true,
    "log_level": "VERBOSE",
    "logcat_enabled": true
  }
}

Any help would be greatly appreciated!

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 20 (16 by maintainers)
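
The host comparison described in the issue, reduced to a self-contained Java example (added here; it is not the MSAL library's code and not the fix the maintainers shipped). The discovery table is a constructed two-entry stand-in, and matchWithExactHostFallback is a hypothetical variant that keeps the guard for hosts outside that table by requiring the account environment and the authority host to be identical, rather than skipping the check.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class AuthorityMatchDemo {
    // Constructed stand-in for the cloud discovery result: alias host -> preferred network host.
    static final Map<String, String> KNOWN_CLOUDS = new HashMap<>();
    static {
        for (String alias : Arrays.asList("login.microsoftonline.com", "login.windows.net")) {
            KNOWN_CLOUDS.put(alias, "login.microsoftonline.com");
        }
    }

    // Lower-cased host part of an authority URL ("" if the URL has none).
    static String host(String authorityUrl) {
        String h = URI.create(authorityUrl).getHost();
        return h == null ? "" : h.toLowerCase(Locale.ROOT);
    }

    // Same shape as the check quoted in the issue: an environment that is
    // missing from the discovery table can never match any authority.
    static boolean discoveryOnlyMatch(String accountEnvironment, String authorityUrl) {
        String preferred = KNOWN_CLOUDS.get(accountEnvironment.toLowerCase(Locale.ROOT));
        return preferred != null && preferred.equals(host(authorityUrl));
    }

    // Hypothetical variant: known clouds are resolved through the table; any other
    // environment (e.g. a B2C host) must equal the authority host exactly.
    static boolean matchWithExactHostFallback(String accountEnvironment, String authorityUrl) {
        String env = accountEnvironment.toLowerCase(Locale.ROOT);
        String preferred = KNOWN_CLOUDS.get(env);
        String authorityHost = host(authorityUrl);
        return preferred != null ? preferred.equals(authorityHost) : env.equals(authorityHost);
    }

    public static void main(String[] args) {
        String path = "/tfp/whatever.onmicrosoft.com/B2C_1_SignUpPolicy/";
        String legacy = "https://login.microsoftonline.com" + path;
        String b2c = "https://whatever.b2clogin.com" + path;
        String otherHost = "https://other.b2clogin.com" + path; // constructed mismatching host

        System.out.println("alias env, legacy authority: " + discoveryOnlyMatch("login.windows.net", legacy));
        System.out.println("b2c env, b2c authority (discovery only): " + discoveryOnlyMatch("whatever.b2clogin.com", b2c));
        System.out.println("b2c env, b2c authority (fallback): " + matchWithExactHostFallback("whatever.b2clogin.com", b2c));
        System.out.println("b2c env, other host (fallback): " + matchWithExactHostFallback("whatever.b2clogin.com", otherHost));
    }
}
```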

Top GitHub Comments

2 reactions
Nasicus commented, Jan 8, 2020

Tested this just now and I can confirm it’s now working as expected.

Thanks for the quick fix 👍

1 reaction
shahzaibj commented, Jun 12, 2020

@duyvt88 I’m glad to hear that 😊
