AcquireTokenInteractive continuously returns MsalClientException after user closes Embedded Web window #4658

Open
alexherbert opened this issue Mar 11, 2024 · 2 comments

Library version used

Microsoft.Identity.Client 4.59.0

.NET version

.NET Framework 4.8

Scenario

PublicClient - desktop app, Other - please specify

Is this a new or an existing app?

None

Issue description and reproduction steps

Integrating MFA into WPF application

If the user closes the Embedded Web window during MFA and therefore does not complete the MFA process, then a MsalClientException is thrown every time the application is relaunched and tries to AcquireTokenInteractive. This will often happen a number of times. Sometimes it will eventually show the Embedded Web window but often gets stuck in the user_canceled AuthorizationState. Is there a way to reset this and why is it happening?

Relevant code snippets

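// Try the token cache first; no UI is shown.
try
{
    authResult = await app
        .AcquireTokenSilent(new[] { scope }, accounts.FirstOrDefault())
        .ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
    // Silent acquisition needs user interaction: fall back to the
    // embedded web view and force a fresh login prompt.
    try
    {
        authResult = await app.AcquireTokenInteractive(new[] { scope })
            .WithAccount(accounts.FirstOrDefault())
            .WithUseEmbeddedWebView(true)
            .WithPrompt(Prompt.ForceLogin)
            .ExecuteAsync();
    }
    catch (MsalException exception)
    {
        // Any MSAL failure, including the user closing the window,
        // is reported to the caller as false.
        return false;
    }
}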

Expected behavior

Embedded Web window should be launched when AcquireTokenInteractive is called.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

@alexherbert added the "needs attention" and "untriaged" labels Mar 11, 2024
@trwalke added the "public-client" label and removed the "untriaged" label Mar 11, 2024

trwalke (Member) commented Mar 11, 2024

alexherbert (Author)

False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z] [Internal cache] Total number of cache partitions found while getting refresh tokens: 0
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - 556c5ab9-34af-4c50-b092-5c8356012928] [Region discovery] Not using a regional authority.
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z] Found 0 cache accounts and 0 broker accounts
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z] Returning 0 accounts
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] MSAL MSAL.Desktop with assembly version '4.59.0.0'. CorrelationId(de80f8eb-0ac2-4fe8-a34b-ca62e892b924)
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] === AcquireTokenSilent Parameters ===
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] LoginHint provided: False
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] Account provided: False
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] ForceRefresh: False
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924]
=== Request Data ===
Authority Provided? - True
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - de80f8eb-0ac2-4fe8-a34b-ca62e892b924
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] === Token Acquisition (SilentRequest) started:
Authority Host: login.microsoftonline.com
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:19Z - de80f8eb-0ac2-4fe8-a34b-ca62e892b924] Exception type: Microsoft.Identity.Client.MsalUiRequiredException
, ErrorCode: user_null
HTTP StatusCode 0
CorrelationId

at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.d__12.MoveNext()
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] MSAL MSAL.Desktop with assembly version '4.59.0.0'. CorrelationId(f7b12d35-def5-4163-8357-8e88f3a05378)
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: Embedded
ExtraScopesToConsent:
Prompt: login
HasCustomWebUi: False

False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378]
=== Request Data ===
Authority Provided? - True
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - f7b12d35-def5-4163-8357-8e88f3a05378
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] === Token Acquisition (InteractiveRequest) started: Authority Host: login.microsoftonline.com
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] [Instance Discovery] Instance discovery is enabled and will be performed
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] [Region discovery] Not using a regional authority.
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] Fetching instance discovery from the network from host login.microsoftonline.com.
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:20Z - f7b12d35-def5-4163-8357-8e88f3a05378] Using legacy embedded browser.
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:28Z - f7b12d35-def5-4163-8357-8e88f3a05378] Authorization result status returned user cancelled authentication.
False MSAL 4.59.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-03-11 19:46:28Z - f7b12d35-def5-4163-8357-8e88f3a05378] Exception type: Microsoft.Identity.Client.MsalClientException
, ErrorCode: authentication_canceled

at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.VerifyAuthorizationResult(AuthorizationResult authorizationResult, String originalState)
at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.d__12.MoveNext()

@bgavrilMS added the "bug" and "P2" labels and removed the "needs attention" label Mar 13, 2024