[Question] How to use MSAL to obtain access token for Azure DevOps REST API? (with support for both personal MSA and Azure AD)
Which version of MSAL are you using?
MSAL 4.8.2
Platform
UWP
What authentication flow has the issue?
- Desktop / Mobile
  - Interactive
  - Integrated Windows Auth
  - Username Password
  - Device code flow (browserless)
- Web App
  - Authorization code
  - OBO
- Web API
  - OBO
Other? - please describe;
Is this a new or existing app?
This is a new app or experiment
Repro
    using System;
    using System.Collections.Generic;
    using System.Diagnostics;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.Identity.Client;

    public class MsalAuthService : IAdoTokenService
    {
        private const string _clientId = "<myClientId>";
        private readonly IPublicClientApplication _publicClientApp;

        // Resource ID of Azure DevOps plus the delegated user_impersonation scope.
        private readonly List<string> _scope = new List<string>()
        {
            "499b84ac-1321-427f-aa17-267ca6975798/user_impersonation" // Ref: https://stackoverflow.com/a/53795967/10953422
        };

        public MsalAuthService()
        {
            // Authority audience that accepts both work/school and personal Microsoft accounts.
            _publicClientApp = PublicClientApplicationBuilder.Create(_clientId)
                .WithAuthority(AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount)
                .Build();
        }

        public async Task<string> GetAccessTokenAsync(string accountId, bool silentOnly = true)
        {
            var accounts = await _publicClientApp.GetAccountsAsync();
            IAccount firstAccount = accounts.FirstOrDefault();
            AuthenticationResult result = null;
            try
            {
                // Try the token cache first; throws MsalUiRequiredException when interaction is needed.
                result = await _publicClientApp
                    .AcquireTokenSilent(_scope, firstAccount)
                    .ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                if (silentOnly)
                {
                    return null;
                }
                try
                {
                    // Fall back to the interactive sign-in window.
                    result = await _publicClientApp
                        .AcquireTokenInteractive(_scope)
                        .ExecuteAsync();
                }
                catch (Exception e)
                {
                    Debug.WriteLine(e.Message);
                    result = null;
                }
            }
            catch
            {
                result = null;
            }
            if (result != null)
            {
                // TODO update cache
            }
            return result?.AccessToken;
        }
    }
Expected behavior
I am expecting to be able to log in with a personal Microsoft Account in the pop up sign in window.
Actual behavior
The pop up window shows up but when I enter my personal Microsoft Account email, the window shows an error saying only work/school accounts can be used.
Possible Solution
Additional context/ Logs / Screenshots
Issue Analytics
- State:
- Created 4 years ago
- Comments:29 (10 by maintainers)
Top GitHub Comments
I think so as well, Azure DevOps does not support MSA logins. There is a workaround for 1st party apps (MSA-passthrough), so this is why Visual Studio is able to connect, but that mechanism is not made available to 3rd parties.
@SheaSmith - please contact the resource owner Azure DevOps directly and ask them to support MSA (personal) accounts. The identity SDK does not control this.
Yes, don’t use MSAL. If you are building an app, create your own webview to manually authenticate to ADO. I used these docs: https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops
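The last comment points to the Azure DevOps OAuth documentation without showing code. The following is an added example, not code from the thread or from MSAL, of the request-building and callback-checking pieces of that flow. The endpoint and parameter names are taken from that Azure DevOps OAuth documentation; the class and method names are hypothetical, and it assumes the token exchange runs on a backend you control so the client secret is never shipped inside the app.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (assumed names), not part of the issue thread or of MSAL.
public static class AdoOAuthExample
{
    private const string AuthorizeEndpoint = "https://app.vssps.visualstudio.com/oauth2/authorize";
    private const string TokenEndpoint = "https://app.vssps.visualstudio.com/oauth2/token";

    // Unguessable per-request value; store it until the callback arrives.
    public static string NewState()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // URL to load in the app's own web view. Every value is escaped so a
    // caller-supplied string cannot add or override query parameters.
    public static Uri BuildAuthorizeUri(string appId, string scope, string redirectUri, string state) =>
        new Uri(AuthorizeEndpoint
            + "?client_id=" + Uri.EscapeDataString(appId)
            + "&response_type=Assertion"
            + "&state=" + Uri.EscapeDataString(state)
            + "&scope=" + Uri.EscapeDataString(scope)
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri));

    // Discard any callback whose state differs from the stored one (CSRF check).
    public static bool StateMatches(string expected, string returned)
    {
        if (expected == null || returned == null) return false;
        byte[] a = Encoding.UTF8.GetBytes(expected), b = Encoding.UTF8.GetBytes(returned);
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Token exchange request. Assumption: built and sent server-side only,
    // because it carries the app's client secret as client_assertion.
    public static HttpRequestMessage BuildTokenRequest(string clientSecret, string code, string redirectUri) =>
        new HttpRequestMessage(HttpMethod.Post, TokenEndpoint)
        {
            Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                ["client_assertion"] = clientSecret,
                ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer",
                ["assertion"] = code,
                ["redirect_uri"] = redirectUri,
            })
        };
}
```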