TokenCache doesn't work with B2C authorities after migrating to MSAL 2.0.0-preview

I made the following steps for the migration from v1.1.4 to 2.0.0:

  • Enable embedded WebView: App.Services.UiParent = new UIParent(this, true);
  • Switch from IUser to IAccount
  • Changed the AcquireTokenSilentAsync from
      AuthenticationResult = await PCA.AcquireTokenSilentAsync(Scopes, GetUserByPolicy(PCA.Users, PolicySignUpSignIn), Authority, false);
    to
      var accounts = await PCA.GetAccountsAsync();
      AuthenticationResult = await PCA.AcquireTokenSilentAsync(scopes, accounts.FirstOrDefault());
  • Changed the AcquireTokenAsync method from
      AuthenticationResult = await PCA.AcquireTokenAsync(Scopes, GetUserByPolicy(PCA.Users, PolicySignUpSignIn), App.Services.UiParent);
    to
      AuthenticationResult = await PCA.AcquireTokenAsync(scopes, App.Services.UiParent);

The TokenCache is not given in my PCA constructor: PCA = new PublicClientApplication(ClientId, Authority) { RedirectUri = $"msal{ClientId}://auth" };

Used platform and libraries:

  • Xamarin.Forms v3.1.0.697729
  • Android Support Libraries: 27.0.2.1

I tried Android (6.0) and UWP, both need an explicit login action to get an AuthenticationResult. PCA.GetAccountAsync() always returns an empty list, so in my view it seems to be an error with the TokenCache.

Do I need to delete the old v1.x-Cache in some way? Can you reproduce the error?

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments:13 (8 by maintainers)

Top GitHub Comments

2 reactions
jmprieur commented, Aug 29, 2018

@Daniel-NP: I was able to repro it (in other B2C tenants as well). What I observe is that:

  • I can get a token interactively (both an access token and an idToken), but the Account member of the AuthenticationResult has the following characteristics (different from what we have for the AAD tokens):
    • the Username is null
    • the AccountId’s ObjectID contains the policy: ObjectId = “<guid>-b2c_1_susi”

Then indeed, as you observed, this account is not added to the token cache.

Also, the claims included in the idToken are different from the claims included in the AAD idToken, and I believe some of them are needed for indexing the cache.

We are working on a solution; meanwhile, I’ll advise you to keep using MSAL 1.1.4-preview. We’ll update you with this GitHub issue.

Thanks again for reporting and sharing your repros. I’m renaming the issue to have B2C in the title.

1 reaction
trwalke commented, Sep 11, 2018

We have implemented a fix for this issue and we are planning to release within the next week or so.
