Bug? Consent web site does not show name of Entra ID application #4772

Closed
GruberMarkus opened this issue May 17, 2024 · 4 comments

@GruberMarkus

Library version used

4.61.0

.NET version

net462

Scenario

PublicClient - desktop app

Is this a new or an existing app?

None

Issue description and reproduction steps

I have a multi-tenant enterprise app. When users or admins are asked for consent, the name of the app is not displayed.

What can I do to show users the name of my app when requesting consent?

The problem can be reproduced with the following two URLs:

When viewing the source code of the authentication site and comparing it with others that show the app name, I can see that $Config does not define sAppName.

As it can be reproduced without MSAL.Net interaction by just opening the URLs in the browser, this is probably not an MSAL.Net problem. I greatly appreciate every hint where I can ask for a solution.

Relevant code snippets

No response

Expected behavior

The app name is shown in the consent window

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

@GruberMarkus GruberMarkus added needs attention Delete label after triage untriaged Do not delete. Needed for Automation labels May 17, 2024
@GruberMarkus GruberMarkus changed the title Bug? Bug? Consent web site does not show name of Entra ID applicatoin May 17, 2024
@GruberMarkus GruberMarkus changed the title Bug? Consent web site does not show name of Entra ID applicatoin Bug? Consent web site does not show name of Entra ID application May 17, 2024
@localden localden self-assigned this May 19, 2024
@localden
Collaborator

@GruberMarkus can you please share the code you are writing for this? For consent, are you talking about the first time a user logs in? Do you have a screenshot?

@GruberMarkus
Author

There is not even any code necessary. It is enough to open one of the two consent links I shared:

I could break it down a bit further:

  • All information I expect is shown when the link is opened by an account having the permissions to grant admin consent.
  • When the link is opened by an account that does not have the permissions to grant admin consent, the logo and the name of the verified Microsoft Partner is shown, but not the name of the application. I would also expect to see the Terms of Service URL and the Privacy State URL, but they are missing, too.

In the attached screenshot, you can see that the "Need admin consent" web site does not show the name of the application.
Screenshot 2024-05-19 123628

I am quite sure that this is not an MSAL problem. Maybe you know a solution, or can tell me where I can report this problem?

@bgavrilMS
Member

bgavrilMS commented May 19, 2024

You can use the Azure Portal to open a support ticket with Microsoft. The support team will get it to the service team if they cannot find a solution.

The web UI experience, including the authorization screens, is owned by the Identity Provider (Entra ID). Not by the SDK.

The main question here is: is this a regression? Did this ever work?

I do not know the experience that well, but the "Terms and Conditions" should definitely appear in one of the authorization pages, there is even a CA policy to enforce it - https://learn.microsoft.com/en-us/entra/identity/conditional-access/terms-of-use
I think the name of the app is shown on the first screen, on the "App XYZ wants you to login. Enter your username below".

Also, the name of the app in a public client application on Windows, Mac or Linux is not a reliable indicator. This is because on a public client the app identity cannot be enforced by the OS. It's just a client ID and a redirect URI, both of them public pieces of information. Visual Studio's client ID is definitely reused by many apps.

@bgavrilMS bgavrilMS added question external bug answered and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage bug labels May 19, 2024
@GruberMarkus
Author

I will open a ticket.

Thanks for your fast support!
