[Bug] Microsoft.Identity.Client.MsalServiceException: Unknown Status: Unexpected - from terminal.


Logs and network traces

MSAL.Desktop.4.48.1.0.MsalServiceException: ErrorCode: unknown_broker_error
Microsoft.Identity.Client.MsalServiceException: Unknown Status: Unexpected
Context: Missing wamcompat_id_token in WAM case
Tag: 0x20714047 (error code 0) (internal error code 544292935)
   at Microsoft.Identity.Client.Broker.WamAdapters.ThrowExceptionFromWamError(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Broker.WamAdapters.HandleResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger, String errorMessage)
   at Microsoft.Identity.Client.Broker.RuntimeBroker.<SignInInteractivelyAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Broker.RuntimeBroker.<AcquireTokenInteractiveAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.<FetchTokensAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<FetchTokensFromBrokerAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext()

Which version of MSAL.NET are you using?

Platform .NET Framework 4.8 Desktop

What authentication flow has the issue?

  • Desktop
    • [ ] Interactive
    • [x] Integrated Windows Authentication
    • [x] Username Password
    • [ ] Device code flow (browserless)

Is this a new or existing app? The app is in production, I haven’t upgraded MSAL, but started seeing this issue.

The customer started to experience login problems on his terminal server. All his notebooks/workstations work without a problem.

Repro


    // Builds the PublicClientApplication once; the broker (WAM) redirect URI uses the
    // ms-appx-web://microsoft.aad.brokerplugin/{client_id} pattern.
    private static void InitializePublicClientApplication(IWin32Window parent = null)
    {
        var clientAppId = UserSettings.Instance.AzureAppId;
        var builder = PublicClientApplicationBuilder
            .Create(clientAppId)
            .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
            .WithExperimentalFeatures(true)
            //.WithLogging(new MaslLogger(), enablePiiLogging: true)
            .WithParentActivityOrWindow(() => parent)
            .WithRedirectUri("ms-appx-web://microsoft.aad.brokerplugin/3932e83d-62c5-4f03-aaa9-7c6e86dbafad")
            .WithBrokerPreview(true);

        _ClientApp = builder.Build();
        // Persist the user token cache so later silent calls can reuse refresh tokens.
        GraphTokenCacheHelper.EnableSerialization(_ClientApp.UserTokenCache);
        RestoreContext();
    }

    // Always prompts the user through the broker; the parent window is required so the
    // WAM dialog is modal to the application window.
    protected async Task<AuthenticationResult> ForceUserLogin(
        IEnumerable<string> scopes,
        IEnumerable<string> additionalScopes,
        IWin32Window parentWindow)
    {
        try
        {
            if (parentWindow == null)
            {
                throw new ArgumentNullException(nameof(parentWindow));
            }

            var builder = ClientApp
                .AcquireTokenInteractive(scopes)
                .WithExtraScopesToConsent(additionalScopes)
                .WithParentActivityOrWindow(parentWindow.Handle);

            AuthenticationResult result = await builder.ExecuteAsync();
            return result;
        }
        catch (MsalException ex)
        {
            LOG.ErrorToDefault($"ConnectionProviderBase.ForceUserLogin: Could not authenticate user in UI.", ex);
            throw;
        }
    }

Expected behavior: The force-login method should obtain a bearer token and a refresh token for later use.

Actual behavior: The broker dialog displays a success message, but the MSAL library returns an exception.

Additional context / logs / screenshots / links to code: If the user chooses the option "No, sign in to this app only", we get the following error:

MSAL.Desktop.4.48.1.0.MsalUiRequiredException: ErrorCode: failed_to_acquire_token_silently_from_broker
Microsoft.Identity.Client.MsalUiRequiredException: WAM Error
Error Code: 3399614467
Error Message: V2Error: invalid_grant AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-05-21T13:33:17.1657938Z and was inactive for 90.00:00:00.
Trace ID: 224ef9ce-2fcb-48e6-b259-c7d51fee2c00
Correlation ID: 5ba9596c-99da-4772-878d-aa644ddb7300
Timestamp: 2023-04-18 07:20:34Z
Internal Error Code: 558133255

Issue Analytics

  • State: open
  • Created 5 months ago
  • Reactions: 1
  • Comments: 11 (5 by maintainers)

Top GitHub Comments

JuergenHaverkamp commented, Apr 20, 2023 (1 reaction)

We will try and let you know. 😃

bgavrilMS commented, Apr 20, 2023 (1 reaction)

Hi, we have made significant changes in MSAL’s interaction with WAM in recent versions of MSAL.

Please upgrade to MSAL 4.53 and report back if the error persists. See https://aka.ms/msal-net-wam
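What the upgrade path above implies in code, as an added example that is not the issue author's code nor a sample from the MSAL.NET repository. It assumes MSAL.NET 4.53 or later with the Microsoft.Identity.Client.Broker package, where WithBroker(BrokerOptions) replaces the WithBrokerPreview(true) / WithExperimentalFeatures(true) pair from the repro; the client ID, scopes, window handle and the log callback are placeholders. Beyond the repro it shows the point both logs in the issue turn on: an AADSTS700082 "refresh token expired due to inactivity" surfaces as MsalUiRequiredException, which is the expected signal to re-prompt the user rather than a failure to retry silently, while a MsalServiceException such as unknown_broker_error is logged with its error code and correlation ID (never the token) and rethrown so it can be reported.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.Broker; // WithBroker(BrokerOptions); assumed MSAL.NET 4.53+ package

// Added example (not the issue author's code): brokered (WAM) sign-in with a
// silent-first, interactive-on-demand token acquisition sequence.
public static class BrokeredAuth
{
    // Placeholder values, assumptions rather than values from the issue.
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private static readonly string[] Scopes = { "User.Read" };

    // Build the PublicClientApplication once per process. The redirect URI
    // ms-appx-web://microsoft.aad.brokerplugin/{client_id} must also be
    // registered on the app registration or the broker rejects the request.
    public static IPublicClientApplication CreateApp(IntPtr parentWindowHandle)
    {
        return PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
            .WithRedirectUri($"ms-appx-web://microsoft.aad.brokerplugin/{ClientId}")
            .WithParentActivityOrWindow(() => parentWindowHandle)
            // 4.53+ broker API, replacing WithBrokerPreview(true) + WithExperimentalFeatures(true)
            .WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
            .Build();
    }

    public static async Task<AuthenticationResult> AcquireTokenAsync(
        IPublicClientApplication app, IntPtr parentWindowHandle, Action<string> log)
    {
        // 1. Try silently: the first cached account, or the signed-in Windows
        //    account when the cache is empty (WAM can use it without a prompt).
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault()
                           ?? PublicClientApplication.OperatingSystemAccount;
        try
        {
            return await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException ex)
        {
            // Expected condition: no cached token, or the refresh token was
            // rejected (e.g. AADSTS700082 after 90 days of inactivity).
            // Retrying silently cannot succeed; the user has to sign in again.
            log($"Silent acquisition needs UI: {ex.ErrorCode}");
        }

        // 2. Fall back to an interactive brokered prompt parented to our window.
        try
        {
            return await app.AcquireTokenInteractive(Scopes)
                .WithParentActivityOrWindow(parentWindowHandle)
                .ExecuteAsync();
        }
        catch (MsalServiceException ex)
        {
            // The identity provider or broker returned an error (e.g. unknown_broker_error).
            // Log the error code and correlation ID for support, never the token or claims.
            log($"Interactive acquisition failed: {ex.ErrorCode} correlation={ex.CorrelationId}");
            throw;
        }
    }
}
```

The two catch blocks are deliberately different: MsalUiRequiredException is handled by moving on to the prompt, MsalServiceException is recorded and rethrown. Folding both into a single catch (MsalException) as the repro does hides which of the two happened and tempts callers into retrying the silent path in a loop.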

Top Results From Across the Web

  • Handle errors and exceptions in MSAL.NET: MsalServiceException is thrown when the Identity Provider (Azure AD) returns an error. It's a translation of the server error.
  • MsalServiceException Class (Microsoft.Identity.Client): Exception type thrown when service returns an error response or other networking errors occur. For more details, see https://aka.ms/msal-net-exceptions.
  • Service Connection Point error - Microsoft Q&A: Exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException' was thrown. Unexpected exception for worker M365AUploadWorker
  • MsalServiceException Class: This exception class represents errors when communicating to the service, can be from the authorize or token endpoints. MSAL reads the error and ...
  • Running Msal app on AWS instances. #4032: Hello, team! We have an application using MSAL library. App works fine on our working physical machines. But we are using AWS instances...
