[Bug] Cannot use MSAL authentication pop up in a partialTrustApplication

[catmanjan]

Library version used

4.73.1

.NET version

8

Scenario

PublicClient - desktop app

Is this a new or an existing app?

None

Issue description and reproduction steps

I have a WinUI3 app which has partial trust so I need to do the authentication like so:

            var scopes = new[] { "User.Read" };

            var clientId = "beb05e1a-86eb-4d44-92a3-1ab1b41c1510";

            var options = new BrokerOptions(BrokerOptions.OperatingSystems.Windows)
            {
                Title = "My Awesome Application"
            };

            IPublicClientApplication app =
                PublicClientApplicationBuilder.Create(clientId)
                .WithBroker(options)
                .WithParentActivityOrWindow(() => WinRT.Interop.WindowNative.GetWindowHandle(this))
                .WithRedirectUri("ms-appx-web://microsoft.aad.brokerplugin/beb05e1a-86eb-4d44-92a3-1ab1b41c1510")
                .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                .Build();

            var result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();

The last line throws an exception:

Microsoft.Identity.Client.MsalServiceException: 'Unknown Status: Unexpected
Error: 0xffffffff80073b27
Context: (pii)
Tag: 0x21420087 (error code -2147009753) (internal error code 557973639)'

I've included a whole zip of the project showing the issue.

EntraWithPartialTrust.zip

Relevant code snippets

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• [Bug] Interactive Auth fails with unknown_broker_error #4122
• [Bug] Broker mode throwing Microsoft.Identity.Client.MsalServiceException #5004
• [Bug] unknown_broker_error using WAM running a windows service under a AD account. #5290
• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953

---

Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

Solution 1:

If the service runs as another account different from current logged in user, this error is expected. WAM broker does not support runas scenario.

Reference:

• [Bug] unknown_broker_error using WAM running a windows service under a AD account. #5290 (comment)

Solution 2:

The error was coming from WAM, can you remove the WAM account and try again? You can go to windows -> settings -> accounts, remove the account there, and try again in your app. You can also try to sign in another account in your app.

Reference:

• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953 (comment)
• [Bug] AcquireTokenInteractive fails with unknown_broker_error  #4953 (comment)

Powered by issue-sentinel

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• [Bug] Interactive Auth fails with unknown_broker_error #4122
• [Bug] Broker mode throwing Microsoft.Identity.Client.MsalServiceException #5004
• [Bug] unknown_broker_error using WAM running a windows service under a AD account. #5290

---

Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

Solution 1:

If the service runs as another account different from the current logged-in user, this error is expected. WAM broker does not support runas scenario.

Reference:

• [Bug] unknown_broker_error using WAM running a windows service under a AD account. #5290 (comment)

Solution 2:

The failure was related to the OS having a failure in ShellAppRuntime.exe, and was unrelated to MSAL.NET.

Reference:

• [Bug] Interactive Auth fails with unknown_broker_error #4122 (comment)

Powered by issue-sentinel

[catmanjan]

No

[catmanjan]

This may also be related to sandboxing and #3792 but I have no way to know

[catmanjan]

bump

[catmanjan]

Here is the whole exception

Microsoft.Identity.Client.MsalServiceException: 'Unknown Status: Unexpected
Error: 0xffffffff80073b27
Context: Winrt exception was thrown 'Resource Contexts may not be created on threads that do not have a CoreWindow.'.
Tag: 0x2339e4e3 (error code -2147009753) (internal error code 590996707)'