[Bug] Multiple calls to AcquireTokenInteractive with different accounts give the same credentials, which return the same initial Graph account details
I'm prototyping a scenario where we want the user to sign in to multiple accounts at once. Hitting a weird caching (I believe) issue. (This is essentially a boiled-down version of what MCT is using in the quickcreate msal provider, but I am changing it to only use Microsoft.Identity items and to not silently log in, instead asking for an account selection dialog.)
The code returns the same account for both calls to Login, regardless of using different accounts.
Which version of MSAL are you using? MSAL 4.14.0 (via the Microsoft.Graph.Auth nuget)
Platform: UWP
What authentication flow has the issue?
- Desktop / Mobile
  - Interactive
  - Integrated Windows Auth
  - Username Password
  - Device code flow (browserless)
- Web App
  - Authorization code
  - OBO
- Web API
  - OBO
- Other? - please describe
Is this a new or existing app? The app is in development as a proof of concept to gather data from two different Graph accounts. I haven't upgraded MSAL, but started seeing this issue initially when using the Identity classes through the nuget packages for Graph.
Repro: Run `Login()` from the code below twice, using separate accounts. Observe debug output.
Expected behavior: Separate names displayed for the respective accounts.
Actual behavior:
- The selection dialog is not displayed, only the login dialog (as if there is no account cached).
- Then, after sign-in, it does one of a few odd things:
  - Sign in as X… get Y's name (signed in as Y in a previous test).
  - Sign in as X… get X's name (correct)… then sign in again as Y… get X's name (incorrect).
```csharp
using System;
using System.Diagnostics;
using System.Reflection;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

// this.clientId, this.scopes, ProviderManager and ProviderState belong to the
// surrounding (MCT-derived) provider class and are not part of the snippet.
public async Task Login()
{
    string redirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient";

    // A fresh PublicClientApplication on every call. On UWP MSAL persists its
    // token cache itself, so accounts from earlier calls are still visible here.
    var client = PublicClientApplicationBuilder.Create(this.clientId)
        .WithAuthority(AzureCloudInstance.AzurePublic, AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount)
        .WithRedirectUri(redirectUri)
        .WithClientName(ProviderManager.ClientName)
        .WithClientVersion(Assembly.GetExecutingAssembly().GetName().Version.ToString())
        .Build();

    // The Graph provider is handed the client only, not the account that the
    // interactive call below returns; it resolves the account on its own.
    var provider = new InteractiveAuthenticationProvider(client, this.scopes);
    var graph = new GraphServiceClient(provider);
    var state = ProviderState.SignedOut;

    try
    {
        // Try and sign in, forcing the account picker.
        var result = await client.AcquireTokenInteractive(this.scopes)
            .WithPrompt(Microsoft.Identity.Client.Prompt.SelectAccount)
            .ExecuteAsync();
        if (!string.IsNullOrWhiteSpace(result.AccessToken))
        {
            state = ProviderState.SignedIn;
        }

        // result.Account is never passed on to the Graph client.
        var profile = await graph.Me.Request().GetAsync();
        Debug.WriteLine($"name = {profile.DisplayName}");
    }
    catch (Exception ex)
    {
        Debug.Fail(ex.Message);
    }
}
```
Issue Analytics
- Created 3 years ago
- Comments: 7 (2 by maintainers)
Top GitHub Comments
With multiple MSA accounts you can only be signed in as one at a time and that is cached in the browser cookies. This seems like currently designed behavior until multi-MSA is enabled.
@HerrickSpencer As per our offline conversation, I am closing this issue as it appears to be a graph issue where the user is not getting refreshed whereas MSAL gives the correct logged in user name. Feel free to reopen or create a new issue as appropriate.
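The following is an added example, not code from the issue or from the MSAL/Graph projects. It shows the approach the closing comment points at: MSAL already returns the correct account from `AcquireTokenInteractive`, so the Graph client has to be bound to that `IAccount` rather than left to pick one from the shared cache. It swaps the Microsoft.Graph.Auth `InteractiveAuthenticationProvider` for the Graph SDK's `DelegateAuthenticationProvider` and asks MSAL for a token for the pinned account on every request. The client ID, scopes and the `MultiAccountGraph` class name are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Identity.Client;

// Added example (hypothetical class name). Assumes an app registration with the
// "nativeclient" redirect URI and Graph delegated scopes such as "User.Read".
public sealed class MultiAccountGraph
{
    private readonly IPublicClientApplication _pca;
    private readonly string[] _scopes;

    public MultiAccountGraph(string clientId, string[] scopes)
    {
        _scopes = scopes;
        _pca = PublicClientApplicationBuilder.Create(clientId)
            .WithAuthority(AzureCloudInstance.AzurePublic,
                           AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount)
            .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
            .Build();
    }

    // Sign in one more account. Prompt.SelectAccount forces the picker so the
    // browser session does not silently hand back the previously used account.
    // Returns the account MSAL actually authenticated, which is the identity the
    // caller must keep; a Graph call is only meaningful relative to it.
    public async Task<IAccount> AddAccountAsync()
    {
        var known = (await _pca.GetAccountsAsync())
            .Select(a => a.HomeAccountId.Identifier)
            .ToHashSet();

        AuthenticationResult result = await _pca
            .AcquireTokenInteractive(_scopes)
            .WithPrompt(Prompt.SelectAccount)
            .ExecuteAsync();

        // Check for the single-session MSA case described in the thread: the
        // picker may return an account that was already in the cache.
        if (known.Contains(result.Account.HomeAccountId.Identifier))
        {
            Debug.WriteLine($"picker returned an already cached account: {result.Account.Username}");
        }
        return result.Account;
    }

    // Build a Graph client bound to ONE MSAL account. Every request asks MSAL
    // for a token for that account (silently, from the cache or refresh token),
    // so /me resolves to that account and never to "whichever account is first".
    public GraphServiceClient ClientFor(IAccount account)
    {
        var provider = new DelegateAuthenticationProvider(async request =>
        {
            AuthenticationResult result;
            try
            {
                result = await _pca.AcquireTokenSilent(_scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Refresh token gone: re-prompt, but pin the prompt to this
                // account so the user is not switched to a different one.
                result = await _pca.AcquireTokenInteractive(_scopes)
                    .WithAccount(account)
                    .WithPrompt(Prompt.ForceLogin)
                    .ExecuteAsync();
            }
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", result.AccessToken);
        });
        return new GraphServiceClient(provider);
    }

    // Accounts MSAL currently holds tokens for.
    public Task<IEnumerable<IAccount>> CachedAccountsAsync() => _pca.GetAccountsAsync();
}

// Usage, e.g. from a UWP button handler (clientId is a placeholder):
//   var m = new MultiAccountGraph(clientId, new[] { "User.Read" });
//   var a = await m.AddAccountAsync();
//   var b = await m.AddAccountAsync();   // pick a different account in the dialog
//   var meA = await m.ClientFor(a).Me.Request().GetAsync();
//   var meB = await m.ClientFor(b).Me.Request().GetAsync();
//   Debug.WriteLine($"{a.Username} -> {meA.DisplayName}; {b.Username} -> {meB.DisplayName}");
```

The design point is that the account is chosen once, at sign-in, and then carried explicitly into every Graph request; nothing on the Graph side consults the cache for "the" account. If two sign-ins yield the same `HomeAccountId`, the problem is on the identity provider side (the MSA single-session behaviour the first comment describes), not in the Graph client.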