[Question] Regarding exception handling logic for AcquireTokenSilent #5289
Description
Library version used
4.7.x
.NET version
n/a
Scenario
PublicClient - mobile app
Is this a new or an existing app?
None
Issue description and reproduction steps
We are experiencing somewhat random logouts of our application despite there being a refresh token plus Microsoft Authenticator app acting as a broker. This happens sporadically and not all users are seemingly affected. But after studying our code, we are questioning whether our current exception handling logic for AcquireTokenSilent is correct?
As you can see below, our code is checking the IsRetryable and if this returns false then it is assuming that means the auth will never work again and that AcquireTokenInteractive will be required to restore the authentication into a working state.
As far as I can see this is not the documented best practice but, to be honest, there is a fair bit of conflicting docs material out there.
I look forward to hearing the views of the MSAL.NET maintainers.
pseudo:
try {
AcquireTokenSilent
} catch (MsalUiRequiredException) {
AcquireTokenInteractive
} catch (MsalServiceException)
switch (exn.ErrorCode) {
case "device_network_not_available":
case "device_network_not_available_doze_mode":
// these two cover an edge-case when MSAuth has no network and returns a IsRetryable=false exception that uses these ErrorCode's
TransientError
default:
if exn.IsRetryable then
TransientError
else
AcquireTokenInteractive
}
} catch (MsalClientException) {
if exn.IsRetryable then
TransientError
else
AcquireTokenInteractive
} catch (MsalException) {
if exn.IsRetryable then
TransientError
else
AcquireTokenInteractive
} catch (Exception) {
// assume the worst
AcquireTokenInteractive
}
Relevant code snippets
Expected behavior
No response
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response