Search code examples
c#.net-coreazure-ad-msalwindows-subsystem-for-linux

MSAL not storing token in cache


This is the code:

using Microsoft.Identity.Client;

var scopes = new string[] { "user.read" };
var clientId = "4a1aa1d5-c567-49d0-ad0b-cd957a47f842";
var tenant = "common";
var authority = "https://login.microsoftonline.com/" + tenant;
IPublicClientApplication publicClientApp;
AuthenticationResult authResult;

publicClientApp = PublicClientApplicationBuilder.Create(clientId)
  .WithAuthority(authority)
  .WithRedirectUri("http://localhost:8080")
  .Build();

var accounts = await publicClientApp
  .GetAccountsAsync()
  .ConfigureAwait(false);
IAccount? firstAccount = accounts.FirstOrDefault();

authResult = await publicClientApp
  .AcquireTokenInteractive(new string[] { "user.read" })
  .ExecuteAsync()
  .ConfigureAwait(false);

authResult = await publicClientApp
  .AcquireTokenSilent(new string[] { "user.read" }, firstAccount)
  .ExecuteAsync();

This is the exception that is being thrown:

Unhandled exception. MSAL.NetCore.4.44.0.0.MsalUiRequiredException: 
        ErrorCode: user_null
Microsoft.Identity.Client.MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call. 
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenSilentParameters silentParameters, CancellationToken cancellationToken)
   at Program.<Main>$(String[] args) in /home/adrian/temp/microsoft-identity-platform/simpler-version-public/Program.cs:line 25
   at Program.<Main>(String[] args)
        StatusCode: 0 
        ResponseBody:  
        Headers:

The csproj file:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net6.0</TargetFramework>
    <RootNamespace>simpler_version_public</RootNamespace>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.Identity.Client" Version="4.44.0" />
  </ItemGroup>

</Project>

My understanding is that calling AcquireTokenInteractive() should automatically store the token in the cache, and AcquireTokenSilent() gets the token from the cache. Why am I getting the error then? I am running this code in WSL, and dotnet --version returns 6.0.300.


Solution

  • You call GetAccountsAsync before AcquireTokenInteractive and it doesn't return any account. No account is passed to AcquireTokenSilent and this method doesn't know for which account should be access token acquired.

    You need to call GetAccountsAsync after you call AcquireTokenInteractive. In that case it will return the account and AcquireTokenSilent will acquire the token from the cache for the specified account.

    authResult = await publicClientApp
      .AcquireTokenInteractive(new string[] { "user.read" })
      .ExecuteAsync()
      .ConfigureAwait(false);
    
    var accounts = await publicClientApp
      .GetAccountsAsync()
      .ConfigureAwait(false);
    IAccount? firstAccount = accounts.FirstOrDefault();    
    
    authResult = await publicClientApp
      .AcquireTokenSilent(new string[] { "user.read" }, firstAccount)
      .ExecuteAsync();