Description
Library version used
4.74
.NET version
.NET 8 Visual Studio 2022
Scenario
PublicClient - mobile app
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
Authentication fails with MsalServiceException: The authorization server returned an invalid response. ErrorCode: authentication_failed
Details:
MSAL sends a unique OAuth state parameter in the authorization request.
The CIAM server returns the state parameter with an appended GUID, e.g.:
expected: 181898a0-432e-4fed-a856-ed6e3104b140
actual: 181898a0-432e-4fed-a856-ed6e3104b140daf18a3d-06d8-4e75-92c3-4643df6976b3
This causes VerifyAuthorizationResult in MSAL to fail, since the state does not match exactly.
This only happens on Android. On Windows, authentication works as expected.
Environment:
.NET MAUI (Android)
MSAL.NET 4.74.0
Entra External ID (CIAM) User Flow (not custom policy, no API connectors)
Notes:
No custom policies or API connectors are used.
Public client flows (implicit grant) are not enabled.
User Flows are configured via the Azure Portal, nothing custom.
No code issues: OnNewIntent is implemented and the redirect is handled correctly.
Question:
Is this a known issue with MSAL on Android?
How can I ensure the returned state parameter matches the sent value, as required by the OAuth2 spec and by MSAL?
Thanks!
Relevant code snippets
Expected behavior
No response
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response
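The following is an added example, not code from the report above or from MSAL.NET. It models the exact-match state check that the report says VerifyAuthorizationResult performs, parses a redirect callback the way a handler would, and runs that check against the two state values quoted in the report, so the mismatch can be reproduced and described precisely. The callback URI scheme, the authorization code value, and all function names are placeholders chosen for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: a minimal model of an OAuth 2.0 client's state verification.
// It is not MSAL.NET source and does not call MSAL APIs.
public static class OAuthStateCheck
{
    // A client sends a fresh, unguessable state with every authorization request.
    // Shaped as a GUID here to mirror the value quoted in the report.
    public static string NewState()
    {
        Span<byte> bytes = stackalloc byte[16];
        RandomNumberGenerator.Fill(bytes);
        return new Guid(bytes).ToString();
    }

    // Split the callback URI handed to the redirect handler into query parameters.
    // Parsed by hand rather than via System.Uri so it behaves identically for
    // custom schemes such as the msal{client-id}://auth redirect used on Android.
    public static Dictionary<string, string> ParseCallback(string callbackUri)
    {
        var parameters = new Dictionary<string, string>(StringComparer.Ordinal);
        int q = callbackUri.IndexOf('?');
        if (q < 0) return parameters;
        string query = callbackUri[(q + 1)..];
        int hash = query.IndexOf('#');
        if (hash >= 0) query = query[..hash];
        foreach (string pair in query.Split('&', StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = pair.IndexOf('=');
            string key = eq < 0 ? pair : pair[..eq];
            string value = eq < 0 ? "" : pair[(eq + 1)..];
            parameters[Uri.UnescapeDataString(key)] = Uri.UnescapeDataString(value);
        }
        return parameters;
    }

    // RFC 6749 section 4.1.2 requires the server to return the exact state value
    // it received, so the client compares for equality and nothing weaker.
    // Constant-time comparison avoids leaking how much of the value matched.
    public static bool StateMatches(string expected, string? actual)
    {
        if (actual is null) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(actual));
    }

    // Describe a mismatch in the terms a bug report needs: is the sent value a
    // prefix of the returned one, and if so what was appended?
    public static string Diagnose(string expected, string? actual)
    {
        if (StateMatches(expected, actual)) return "state matches exactly";
        if (actual is null) return "state parameter missing from callback";
        if (actual.StartsWith(expected, StringComparison.Ordinal))
            return $"state has {actual.Length - expected.Length} extra trailing characters: \"{actual[expected.Length..]}\"";
        return "state does not match and is not an extension of the sent value";
    }

    public static void Main()
    {
        // Values copied from the report above.
        const string sent = "181898a0-432e-4fed-a856-ed6e3104b140";
        const string returnedOnAndroid =
            "181898a0-432e-4fed-a856-ed6e3104b140daf18a3d-06d8-4e75-92c3-4643df6976b3";

        // Constructed callback URIs; the scheme's client id and the code are placeholders.
        const string scheme = "msal00000000-0000-0000-0000-000000000000://auth";
        string goodCallback = $"{scheme}?code=AUTHCODE&state={Uri.EscapeDataString(sent)}";
        string badCallback  = $"{scheme}?code=AUTHCODE&state={Uri.EscapeDataString(returnedOnAndroid)}";

        foreach (string callback in new[] { goodCallback, badCallback })
        {
            var parameters = ParseCallback(callback);
            parameters.TryGetValue("state", out string? actual);
            Console.WriteLine($"{(StateMatches(sent, actual) ? "OK  " : "FAIL")} {Diagnose(sent, actual)}");
        }

        Console.WriteLine($"fresh state for a new request: {NewState()}");
    }
}
```

Build it as a plain .NET 8 console project (`dotnet new console`, replace Program.cs). When reproducing the Android problem, log the raw intent data URI in OnNewIntent before handing it to MSAL and run it through ParseCallback and Diagnose; the output tells you whether the extra segment is present at the point the app receives the redirect, which separates a server-side change to the state from anything the app or a custom tab might do. Relaxing the comparison to a prefix match on the client is not a fix: the exact echo is what the spec requires, and the check in the library is correct as described.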