Fix silent WAM broker token acquisition (#664)#666
Merged
Conversation
MsalSilentTokenProvider was always receiving the non-broker IPublicClientApplication, so it could never acquire tokens silently from the WAM broker cache. Pass the broker app to the silent provider when available so it can query WAM cached accounts. - Use appInteractiveBroker ?? app for MsalSilentTokenProvider - Add regression tests verifying correct app is used - Bump Microsoft.Artifacts.Authentication version to 0.2.8
cobya
approved these changes
Apr 20, 2026
embetten
added a commit
that referenced
this pull request
May 5, 2026
WSL reports as Linux but has no msalruntime daemon, causing MsalSilentTokenProvider to fail when using appInteractiveBroker. - Add PlatformInformation.IsWSL() to detect WSL via RuntimeInformation.IsOSPlatform(Linux) and WSL_DISTRO_NAME env var - Use non-broker app for silent auth on WSL, matching behavior before 0cddac6 - Add tests for WSL and non-WSL silent auth provider selection ### Problem Commit #664 (#666) changed `MsalSilentTokenProvidert`o use `appInteractiveBroker ?? app` so that the broker's token cache is queried on silent auth. This works correctly on Windows and macOS, but breaks Windows Subsystem for Linux (WSL) due to stdout corruption from MSAL linux broker subprocesses. Related MSAL issue: AzureAD/microsoft-authentication-library-for-dotnet#5979 ### work around until MSAL responds Add `PlatformInformation.IsWSL()` which returns true when the runtime OS is Linux and the WSL_DISTRO_NAME environment variable is set (always present in WSL sessions, never set on native Linux/macOS/Windows). In `MsalTokenProviders.Get()` use the non-broker app for silent auth when running in WSL, restoring the pre-#664 behavior for WSL users while keeping broker-accelerated silent auth on Windows and macOS. ### Testing Added unit tests covering silent provider selection under WSL and non-WSL conditions with both empty and warm MSAL caches.
embetten
added a commit
that referenced
this pull request
May 5, 2026
…token provider (#675) (#676) WSL reports as Linux but has no msalruntime daemon, causing MsalSilentTokenProvider to fail when using appInteractiveBroker. - Add PlatformInformation.IsWSL() to detect WSL via RuntimeInformation.IsOSPlatform(Linux) and WSL_DISTRO_NAME env var - Use non-broker app for silent auth on WSL, matching behavior before 0cddac6 - Add tests for WSL and non-WSL silent auth provider selection ### Problem Commit #664 (#666) changed `MsalSilentTokenProvidert`o use `appInteractiveBroker ?? app` so that the broker's token cache is queried on silent auth. This works correctly on Windows and macOS, but breaks Windows Subsystem for Linux (WSL) due to stdout corruption from MSAL linux broker subprocesses. Related MSAL issue: AzureAD/microsoft-authentication-library-for-dotnet#5979 ### work around until MSAL responds Add `PlatformInformation.IsWSL()` which returns true when the runtime OS is Linux and the WSL_DISTRO_NAME environment variable is set (always present in WSL sessions, never set on native Linux/macOS/Windows). In `MsalTokenProviders.Get()` use the non-broker app for silent auth when running in WSL, restoring the pre-#664 behavior for WSL users while keeping broker-accelerated silent auth on Windows and macOS. ### Testing Added unit tests covering silent provider selection under WSL and non-WSL conditions with both empty and warm MSAL caches.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
MsalSilentTokenProvider was always receiving the non-broker IPublicClientApplication, so it could never acquire tokens silently from the WAM broker cache. Pass the broker app to the silent provider when available so it can query WAM cached accounts.
#664