Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] AcquireTokenSilent call is failing on Mac because of missing OperatingSystem information #4444

Closed
grabalon opened this issue Dec 1, 2023 · 2 comments · Fixed by #4449
Closed

[Bug] AcquireTokenSilent call is failing on Mac because of missing OperatingSystem information #4444

grabalon opened this issue Dec 1, 2023 · 2 comments · Fixed by #4449
Assignees
@bgavrilMS
Labels
bug confidential-client ICM This issue has a corresponding ICM, either for our team or another. P2 public-client scenario:Desktop
Milestone
4.58.1

Comments

@grabalon
Copy link

grabalon commented Dec 1, 2023

Library version used

4.54.0.0

.NET version

.NET Core

Scenario

PublicClient - desktop app

Is this a new or an existing app?

The app is in production, I haven't upgraded MSAL, but started seeing this issue

Issue description and reproduction steps

More information available in this ICM, but essentially the user having this issue is seeing Conditional Access policies block him from calls to AcquireTokenSilent because the Operating System (Mac) is not being sent by MSAL when making the network calls.

https://portal.microsofticm.com/imp/v3/incidents/incident/434595820/summary

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response
@grabalon grabalon added needs attention Delete label after triage untriaged Do not delete. Needed for Automation labels Dec 1, 2023
@bgavrilMS bgavrilMS added bug P1 P2 public-client scenario:Desktop and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage P1 labels Dec 1, 2023
@bgavrilMS
Copy link
Member

This is a system browser scenario. I checked some server logs and it seems MSAL doesn't send x-client-os on the second leg of the auth_code flow, i.e. on the token client call. Also, it is sending x-ms-pkeyauth=1 which it really should not on MacOS, as this is Win Only feature.

bgavrilMS added a commit that referenced this issue Dec 4, 2023
@bgavrilMS
Fix for #4444 - emit simple OS descriptor
618e269
@bgavrilMS bgavrilMS mentioned this issue Dec 4, 2023
Merged
@bgavrilMS bgavrilMS added ICM This issue has a corresponding ICM, either for our team or another. confidential-client labels Dec 4, 2023
@bgavrilMS
Copy link
Member

bgavrilMS commented Dec 4, 2023
edited

Issue occurs on public client, but can occur on confidential client too I think...

bgavrilMS added a commit that referenced this issue Dec 7, 2023
@bgavrilMS @pmaytak
Fix for #4444 - emit simple OS descriptor (#4449)
072ad20 
* Fix for #4444 - emit simple OS descriptor

* fix

* FIx

* Update comment.

* Reorganized and grouped package definitions.

---------

Co-authored-by: Peter <34331512+pmaytak@users.noreply.github.com>
@pmaytak pmaytak added this to the 4.58.1 milestone Dec 7, 2023
@pmaytak pmaytak assigned iulico-1 and bgavrilMS and unassigned iulico-1 Dec 7, 2023
@Haard30 Haard30 mentioned this issue Apr 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bgavrilMS bgavrilMS

Labels
bug confidential-client ICM This issue has a corresponding ICM, either for our team or another. P2 public-client scenario:Desktop
Projects
None yet
Milestone
4.58.1
Development

Successfully merging a pull request may close this issue.

Fix for #4444 - emit simple OS descriptor AzureAD/microsoft-authentication-library-for-dotnet
4 participants
@grabalon @bgavrilMS @pmaytak @iulico-1