[Bug] unknown_broker_error when click "Only used for Microsoft app" link.

[LKMMKL]

Library version used

4.64.1

.NET version

.NET Franewirk 4.7.2

Scenario

PublicClient - desktop app

Is this a new or an existing app?

The app is in production, I haven't upgraded MSAL, but started seeing this issue

Issue description and reproduction steps

In a new machine which never login by MSAL.
During login process, click "Only used for Microsoft app" link, process interrupted and throw "unknown_broker_error".
After login failure, the same account cannot be successfully logged in for a period of time.
If this operation is performed on a machine that has already logged into the account, the probability of recurrence is low.

Relevant code snippets

_currentUserAccount = _currentUserAccount ?? (await otApp.GetAccountsAsync()).FirstOrDefault();
if (_currentUserAccount == null)
{
    _currentUserAccount = Microsoft.Identity.Client.PublicClientApplication.OperatingSystemAccount;
}
try
{
    if (!Controller.reLogin)
    {
        authResult = await otApp.AcquireTokenSilent(scopes, _currentUserAccount)
        .ExecuteAsync();
    }
}
catch (MsalUiRequiredException ex)
{

    var cancelToken = new CancellationTokenSource();
    cancelToken.CancelAfter(TimeSpan.FromMinutes(timeOut));

    IntPtr browserHandle = FindWindow(null, info.appName);
    try
    {
        authResult = await otApp.AcquireTokenInteractive(scopes)
                            .WithParentActivityOrWindow(browserHandle)
                            .WithPrompt(Microsoft.Identity.Client.Prompt.SelectAccount)
                            
                            .ExecuteAsync(cancelToken.Token);
        
    }
    catch{}
}

Expected behavior

Complete login normally.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953
• [Bug] Microsoft.Identity.Client.MsalServiceException: Unknown Status: Unexpected - from terminal. #4095
• [Bug] Interactive Auth fails with unknown_broker_error #4122
• [Bug] Cannot use MSAL authentication pop up in a partialTrustApplication #5372
• [Bug] Broker mode throwing Microsoft.Identity.Client.MsalServiceException #5004

---

Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

Solution 1:

Remove the WAM account and try again. You can go to Windows -> Settings -> Accounts, remove the account there, and try again in your app. You can also try to sign in with another account in your app.

Reference:

• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953 (comment)
• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953 (comment)

Solution 2:

Error 0x80070525 is 'The specified account does not exist', and tag 0x2082320c is ERROR_NO_SUCH_USER. This error is coming from WAM. Please remove the account from WAM (use the steps mentioned above) and try again.

Reference:

• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953 (comment)
• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953 (comment)

Solution 3:

Upgrade to the latest version of MSAL. Significant changes have been made in MSAL's interaction with WAM in recent versions. Please upgrade to the latest version and report back if the error persists.

Reference:

• [Bug] Microsoft.Identity.Client.MsalServiceException: Unknown Status: Unexpected - from terminal. #4095 (comment)

Powered by issue-sentinel