Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Incorrect authority in AuthResult using instance_aware

See original GitHub issue

I used the below mentioned configuration and tried logging into a non-public cloud. I got logged in, successfully got access token as well, everything is correct Except Authority is not of respective cloud. It seems library is overriding the authority it gets in their result.

Also, when I enable instance_aware manually using query params it works fine except authority but when I use WithMultiCloudSupport(true) it doesn’t work.

Which version of MSAL.NET are you using? MSAL.NET 4.46.0

Platform .NET Framework: 4.7

What authentication flow has the issue?

Desktop
- Integrated Windows Authentication

Is this a new or existing app? The app is in production, I haven’t upgraded MSAL, but started seeing this issue.

Repro 1.Use this configuration of WAM

return PublicClientApplicationBuilder.Create(clientId)
.WithDefaultRedirectUri()
.WithAuthority(authority, tenant)
.WithExtraQueryParameters(new Dictionary<string, string>()
{{"instance_aware", "true" }
})
.WithWindowsBroker().WithMsalLogging();

2.Login using a non-public cloud account which is not added to your OS.

Expected behavior Environment of respective cloud in AuthResult (account used is non-public).

Actual behavior Got Public Environment in AuthResult but the account was non-public cloud.

Possible solution Do not override the auth result, instead return the authority as it is at least for non-public cloud OR fix WithMultiCloudSupport(true) with WAM.