Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Silent authentication call results in unexpected network call

See original GitHub issue

Which Version of MSAL are you using ? MSAL.NET 3.0.8

Platform net45

What authentication flow has the issue?

  • Desktop / Mobile
    • Silent

Is this a new or existing app? This is a new app or experiment.

Repro Please see the following command line app which is a simplified model of how we are using MSAL: https://gist.github.com/mjcheetham/d3faa36325beef54527a5434e6445ddb

The specific offending code is line 80:

app.AcquireTokenSilent(Scopes, account).ExecuteAsync()

Running the application once will perform an interactive authentication and store the AT/RT in a cache at %UserProfile%\.gettoken\msal.cache (using MSAL’s cache extensibility APIs).

Running the application a second time will perform a silent authentication for the same user as previous.

Expected behavior No web call is performed (unless the access token has expired).

Actual behavior An instance discovery web call is made.

Possible Solution Unknown.

Additional context/ Logs / Screenshots Fiddler shows the following request: image

image

…with the following response: image

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:1
  • Comments:17 (10 by maintainers)

github_iconTop GitHub Comments

2reactions
jmprieurcommented, May 29, 2019

@stevehurcombe , I’ve added the scenarios for mobile as well.

1reaction
ckrempp91commented, Oct 1, 2020

So to confirm this wont work for the Azure B2C case because the authority host is something like this: {tenantName}.b2clogin.com?

If so, then I take it there would have to be a code adjustment to support the the vast array of URLs rather than just the provided list from this comment: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1174#issuecomment-509664673

Read more comments on GitHub >

github_iconTop Results From Across the Web

AcquireTokenSilent should not make calls to the network
Expected behavior. Return Authresult/Token from cache, like iOS. Actual behavior. Application throws: Java.Net.UnknownHostException
Read more >
Configure Silent Authentication
Learn how to keep users logged in to your application using silent authentication.
Read more >
Handle failed Silent Authentication in Open Id Connect
I have an ASP.NET site that uses Open Id Connect to authenticate with Identity Server. When the authentication token is about to expire...
Read more >
Handle errors and exceptions in MSAL.NET
One of common status codes returned from MSAL.NET when calling AcquireTokenSilent() is MsalError.InvalidGrantError . This status code means that ...
Read more >
Getting to grips with silent authentication Q&A
All she/he has to do is to request the service. They don't have to type in any password or make any action to...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

MSAL running on HoloLens Unity app generates deserialization error: No set method for property 'Claims' in type 'Microsoft.Identity.Client.OAuth2.OAuth2ResponseBase'

Next page

"AADSTS50155: Device is not authenticated" after ~3 months with "phone sign-in"