AcquireTokenSilentAsync returns "Authority passed to silent parameters does not match with the cloud associated to the account."
I have a working app with a B2C configuration. Up until now I used the legacy B2C policy / authority URLs, e.g. https://login.microsoftonline.com/tfp/<my-tenant>/B2C_1_SignUpPolicy.
Today I tried to change them to the new URL style, e.g. https://whatever.b2clogin.com/tfp/<my-tenant>/B2C_1_SignUpPolicy/
And suddenly I get the error mentioned above when calling acquireTokenSilentAsync.
I also compared with the sample app (https://github.com/Azure-Samples/ms-identity-android-java/) and couldn’t find a real difference.
I also started investigating myself and dug quite deep and found the exception is thrown here:
```java
public class AcquireTokenSilentOperationParameters extends OperationParameters {
    //.... what ever

    @Override
    public void validate() throws ArgumentException {
        super.validate();
        if (mAccount == null) {
            Logger.warn(TAG, "The account set on silent operation parameters is NULL.");
        } else if (!authorityMatchesAccountEnvironment()) {
            throw new ArgumentException(
                    ArgumentException.ACQUIRE_TOKEN_SILENT_OPERATION_NAME,
                    ArgumentException.AUTHORITY_ARGUMENT_NAME,
                    "Authority passed to silent parameters does not match with the cloud associated to the account."
            );
        }
    }

    private boolean authorityMatchesAccountEnvironment() {
        final String methodName = ":authorityMatchesAccountEnvironment";
        try {
            if (!AzureActiveDirectory.isInitialized()) {
                performCloudDiscovery();
            }
            final AzureActiveDirectoryCloud cloud = AzureActiveDirectory.getAzureActiveDirectoryCloudFromHostName(mAccount.getEnvironment());
            return cloud != null && cloud.getPreferredNetworkHostName().equals(getAuthority().getAuthorityURL().getAuthority());
        } catch (IOException e) {
            Logger.error(
                    TAG + methodName,
                    "Unable to perform cloud discovery",
                    e);
            return false;
        }
    }
```
I debugged into the method final AzureActiveDirectoryCloud cloud = AzureActiveDirectory.getAzureActiveDirectoryCloudFromHostName(mAccount.getEnvironment()); which returns null, because it contains only the following hosts:
my host (whatever.b2clogin.com) obviously doesn’t match there and therefore null is returned.
However I cannot believe that such a bug exists in this library. So I assume I configured something wrong. However I just can’t point my finger on what it could be.
Here is my configuration:
```json
{
  "client_id": "whatever",
  "redirect_uri": "msalbwhatever://auth",
  "broker_redirect_uri_registered": false,
  "authorities": [
    {
      "type": "B2C",
      "authority_url": "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_SignInSignUpPolicy/",
      "default": true
    },
    {
      "type": "B2C",
      "authority_url": "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_SignUpPolicy/"
    },
    {
      "type": "B2C",
      "authority_url": "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_ResetPasswordPolicy/"
    }
  ],
  "account_mode": "MULTIPLE",
  "logging": {
    "pii_enabled": true,
    "log_level": "VERBOSE",
    "logcat_enabled": true
  }
}
```
Any help would be greatly appreciated!
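
The lookup behaviour described in the post, as an added example that is not part of the original issue and not MSAL's own code: a stand-alone model of the quoted check, next to a hypothetical B2C-aware comparison. The class name, the `KNOWN_CLOUDS` table and `matchesForB2c` are assumptions made for illustration; the table is a constructed stand-in, since the host list from the issue is not reproduced on this page.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;

public class AuthorityEnvironmentCheck {
    // Constructed stand-in for the cloud discovery table (alias host -> preferred
    // network host). The host list from the issue is not reproduced here.
    static final Map<String, String> KNOWN_CLOUDS = Map.of(
            "login.microsoftonline.com", "login.microsoftonline.com",
            "login.windows.net", "login.microsoftonline.com");

    // Same shape as the quoted check: resolve the account environment to a known
    // cloud, then compare that cloud's preferred host with the authority host.
    static boolean matchesViaCloudLookup(String accountEnvironment, URI authority) {
        String preferred = KNOWN_CLOUDS.get(accountEnvironment.toLowerCase(Locale.ROOT));
        return preferred != null && preferred.equalsIgnoreCase(authority.getAuthority());
    }

    // Hypothetical B2C-aware variant (an assumption, not the library's fix):
    // a custom B2C host is never in the discovery table, so compare the
    // authority host with the account environment directly.
    static boolean matchesForB2c(String accountEnvironment, URI authority) {
        String host = authority.getHost();
        return host != null && host.equalsIgnoreCase(accountEnvironment);
    }

    public static void main(String[] args) {
        URI legacy = URI.create(
                "https://login.microsoftonline.com/tfp/whatever.onmicrosoft.com/B2C_1_SignUpPolicy");
        URI b2c = URI.create(
                "https://whatever.b2clogin.com/tfp/whatever.onmicrosoft.com/B2C_1_SignUpPolicy/");

        // Legacy authority: environment resolves to a known cloud, hosts agree.
        System.out.println(matchesViaCloudLookup("login.microsoftonline.com", legacy));
        // b2clogin.com authority: lookup yields null, so the check fails even
        // though account and authority use the same host.
        System.out.println(matchesViaCloudLookup("whatever.b2clogin.com", b2c));
        // Direct comparison accepts the matching B2C host ...
        System.out.println(matchesForB2c("whatever.b2clogin.com", b2c));
        // ... and still rejects an account cached for a different host.
        System.out.println(matchesForB2c("login.microsoftonline.com", b2c));
    }
}
```

The last call shows why a host comparison is still worth keeping for B2C: a silent token request should not go to an authority host other than the one the cached account was issued by.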
Top GitHub Comments
Tested this just now and I can confirm it’s now working as expected.
Thanks for the quick fix 👍
@duyvt88 I’m glad to hear that 😊