com.microsoft.identity.client.exception.MsalClientException: The signed in account does not match with the provided account.

[Digipom]

After migrating from the "deprecated" clientApp.acquireTokenSilentAsync, I started encountering this error. Looking at Stack Overflow and GitHub, it seems the current solution is to use the deprecated methods; however, the issues were closed. Since I'm still encountering the error on 4.6.2, is using the deprecated methods still the recommended solution?

[negoe]

@Digipom Can you please share the link to issues?

[Digipom]

These are the ones that seem relevant:

#1742
#1475 (closed after user mentioned using deprecated method)

These might also be relevant:

#1790

[negoe]

@Digipom

All of the above mentioned issues doesn't have same environment. Could you provide more details about the specific error message you're encountering and share MSAL logs if possible?

[Digipom]

Basically, if not using the deprecated methods and using the builder methods instead, we get a "com.microsoft.identity.client.exception.MsalClientException: The signed in account does not match with the provided account.". It seems we need to provide an account then but I'm wary about releasing that to production given the other issues that are open. Can the new methods just use the persisted account the way that the deprecated ones do?

[MihaMarkic]

FYI A client of mine is seeing the same after changing password. He can log in on devices with freshly installed app, but not on the one he was using before changing password.
Is there a workaround or something to force refreshing the credentials (assuming that's the problem)?

[MihaMarkic]

FYI. As I said it happens when user changes password while user was previously logged into mobile application. When that happens, AcquireTokenParameters.Builder()....Build().acquireToken() would fail with current_account_mismatch even when forcing Prompt.LOGIN.
The solution in my case is following:
When call to acquireToken() throws MsalClientException with exception?.errorCode == MsalClientException.CURRENT_ACCOUNT_MISMATCH, then I call app.signOut, retrieve application with PublicClientApplication.createSingleAccountPublicClientApplication once more and use it to acquireToken again. This time it correctly shows the prompt for credentials.
In case it helps somebody.

[Digipom]

Are there any updates on this one? The methods are still deprecated but the new ones are still not a 1:1 replacement, due to the behavior of getPersistedCurrentAccount().