[Bug] Wam returned default account that doesn't match the account passed in (508065737)

[winstliu]

Library version used

4.61.3

.NET version

.NET Framework 4.8

Scenario

PublicClient - desktop app

Is this a new or an existing app?

The app is in production, I haven't upgraded MSAL, but started seeing this issue

Issue description and reproduction steps

We have an internal-only PCA that has WAM enabled. We are seeing a high number of WAM Silent failures due to Wam returned default account that doesn't match the account passed in.

After enabling verbose logs, we see that WAM returns two accounts from app.GetAccountsAsync():

1. An MSA account (unexpected)
2. An Entra account (expected)

My reading of app.GetAccountsAsync is that this method should only return accounts that have successfully logged into the app previously. How is it returning an MSA when our app is single-tenant Entra-only? (And the MSA is not a guest in the tenant)

LogAlways: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z] [Internal cache] Total number of cache partitions found while getting refresh tokens: 0
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [GetAccounts] Found 0 RTs and 0 accounts in MSAL cache.
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [Region discovery] Not using a regional authority.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [Instance Discovery] Tried to use network cache provider for login.microsoftonline.com. Success? False.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [Instance Discovery] Tried to use known metadata provider for login.microsoftonline.com. Success? True.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [GetAccounts] Found 0 RTs and 0 accounts in MSAL cache after environment filtering.
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z] [Runtime] WAM supported OS.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:55Z] [RuntimeBroker] MsalRuntime initialization successful.
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    GetAllAccounts:432      WAM returned '1' accounts for client_id '374828b9-b8ff-4b76-997e-fe09a7dbf91d'
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    GetAllAccounts:721      Discovered '0' AAD accounts
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    GetAllAccounts:734      WAM returned failure in MSA account discovery with client id 'msa WAM FindAllAccountsAsync failed with status: 1, errorMsg: Error '
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    GetAllAccounts:738      Discovered '0' MSA accounts
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    NotateAccountHeuristics:158Account realm is: 72f988bf-86f1-41af-91ab-2d7cd011db47
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    NotateAccountHeuristics:183Account LAID is: bb193749-8404-4bf5-963f-83eaea23e288
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: 5dfb53e5-a4b7-40dd-a22a-c496535f533c
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: broker_accounts_count, Value: 1
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: start_time, Value: 2024-09-25T20:59:55.000Z
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_name, Value: DiscoverAccounts
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: authority_type, Value: Unknown
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: client_id, Value: 374828b9-b8ff-4b76-997e-fe09a7dbf91d
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: correlation_id, Value: 5dfb53e5-a4b7-40dd-a22a-c496535f533c
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: broker_app_used, Value: true
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: stop_time, Value: 2024-09-25T20:59:57.000Z
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: all_error_tags, Value: 6i0ht
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.1
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: msa_wam_find_accounts_error, Value: 2147942405
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: request_eligible_for_broker, Value: true
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: is_successful, Value: true
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: aad_wam_haid, Value: from_msal_localaccountid
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: msa_wam_find_accounts_status, Value: 1
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: auth_flow, Value: Broker
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: storage_read, Value: DAC
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: storage_write, Value: DAC
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: write_account_status, Value: successful
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: storage_accounts_count, Value: 2
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_error_context, Value: PII logging enabled on client.
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: transfer_token_error, Value: PII logging enabled on client.
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: server_suberror_code, Value: PII logging enabled on client.
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: request_duration, Value: 1186
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:435    Printing Execution Flow:
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    LogTelemetryData:443    {"t":"4sufd","tid":1,"ts":0,"s":2,"l":2},{"t":"4swgg","tid":1,"ts":0,"s":1,"l":2},{"t":"4swgf","tid":1,"ts":0,"s":1,"l":2},{"t":"4swgi","tid":2,"ts":0,"s":1,"l":2},{"t":"8dqku","tid":2,"ts":0,"l":2},{"t":"4wqnh","tid":2,"ts":1,"l":2},{"t":"4wqni","tid":2,"ts":12,"l":2},{"t":"4wqnh","tid":2,"ts":1159,"l":2},{"t":"4wqni","tid":2,"ts":1161,"l":2},{"t":"8dql5","tid":2,"ts":1172,"l":2},{"t":"4pr05","tid":2,"ts":1172,"l":2},{"t":"4qnng","tid":2,"ts":1172,"l":2,"a":2,"ie":0},{"t":"4qnnf","tid":2,"ts":1173,"l":2,"a":2,"ie":1},{"t":"4pr02","tid":2,"ts":1173,"l":2},{"t":"4yi59","tid":2,"ts":1173,"s":1,"l":2},{"t":"4yi6a","tid":2,"ts":1173,"s":36,"l":2},{"t":"4yi6b","tid":2,"ts":1173,"l":2},{"t":"4qnne","tid":2,"ts":1173,"l":2,"a":3,"ie":0},{"t":"4qnnd","tid":2,"ts":1175,"l":2,"a":3,"ie":1},{"t":"4pr0z","tid":2,"ts":1175,"l":2}
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Broker returned 2 account(s).
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [Region discovery] Not using a regional authority.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [Instance Discovery] Tried to use network cache provider for login.microsoftonline.com. Success? False.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - 5dfb53e5-a4b7-40dd-a22a-c496535f533c] [Instance Discovery] Tried to use known metadata provider for login.microsoftonline.com. Success? True.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Filtering WAM accounts based on Environment.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] 2 account(s) returned after filtering.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Converted 2 WAM account(s) to MSAL Account(s).
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] Filtering broker accounts by environment. Before filtering: 2
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - 18b6ea17-459e-4e27-a329-fccf3ed00b69] [Region discovery] Not using a regional authority.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - 18b6ea17-459e-4e27-a329-fccf3ed00b69] [Instance Discovery] Tried to use network cache provider for login.microsoftonline.com. Success? False.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - 18b6ea17-459e-4e27-a329-fccf3ed00b69] [Instance Discovery] Tried to use known metadata provider for login.microsoftonline.com. Success? True.
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] After filtering: 2
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] Found 0 cache accounts and 2 broker accounts
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] Returning 2 accounts
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] MSAL MSAL.Desktop with assembly version '4.61.3.0'. CorrelationId(b9260677-31e4-4f48-94ae-463fc8fb451c)
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] === AcquireTokenSilent Parameters ===
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] LoginHint provided: False
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] Account provided: Account username: PII@outlook.com environment login.microsoftonline.com home account id: AccountId: PII
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] ForceRefresh: False
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c]
=== Request Data ===
Authority Provided? - True
Client Id - 374828b9-b8ff-4b76-997e-fe09a7dbf91d
Scopes - 499b84ac-1321-427f-aa17-267ca6975798/.default
Redirect Uri - https://login.microsoftonline.com/common/oauth2/nativeclient
Extra Query Params Keys (space separated) -
ClaimsAndClientCapabilities -
Authority - https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint -
IsBrokerConfigured - True
HomeAccountId -
CorrelationId - b9260677-31e4-4f48-94ae-463fc8fb451c
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] === Token Acquisition (SilentRequest) started:

Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/

Scope: 499b84ac-1321-427f-aa17-267ca6975798/.default

ClientId: 374828b9-b8ff-4b76-997e-fe09a7dbf91d
Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] Broker is configured and enabled, attempting to use broker instead.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [Runtime] WAM supported OS.

Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] MsalRuntime initialization successful.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z - b9260677-31e4-4f48-94ae-463fc8fb451c] Can invoke broker. Will attempt to acquire token with broker.

Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Acquiring token silently.

Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Validating Common Auth Parameters.

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING SetAuthorityUri:78      Initializing authority from URI 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/' without authority type, defaulting to MsSts

Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Scopes were passed in the request.

Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [RuntimeBroker] Acquired Common Auth Parameters.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: b9260677-31e4-4f48-94ae-463fc8fb451c

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: start_time, Value: 2024-09-25T20:59:57.000Z

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: api_name, Value: ReadAccountById

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: authority_type, Value: Unknown

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: correlation_id, Value: b9260677-31e4-4f48-94ae-463fc8fb451c

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: broker_app_used, Value: false

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: stop_time, Value: 2024-09-25T20:59:57.000Z

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.1

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: is_successful, Value: true

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: api_error_context, Value: PII logging enabled on client.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: transfer_token_error, Value: PII logging enabled on client.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: server_suberror_code, Value: PII logging enabled on client.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    LogTelemetryData:430    Key: request_duration, Value: 0

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    SetCorrelationId:258    Set correlation ID: b9260677-31e4-4f48-94ae-463fc8fb451c

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    EnqueueBackgroundRequest:954The original authority is 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47'

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    ModifyAndValidateAuthParameters:219 Additional query parameter added successfully. Key: 'msal_accounts_control_title' Value: 'ES Package Manager'

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]    INFO    ModifyAndValidateAuthParameters:243 Authority Realm: 72f988bf-86f1-41af-91ab-2d7cd011db47

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0003]  WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1006    MsaDeviceOperationProvider is not available. Not attempting to register the device.

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING TryReadAccountUniversalStorage:754 No account found in cache, will still return a token if found

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    StorageTokenResponse:84 StorageTokenResponse account constructor invoked. This is only expected in Runtime flows

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING StorageTokenResponse:15 No credentials found in the cache

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING DiscardAccessAndIdTokensIfUnusable:789      No id token found in the cache

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING DiscardAccessAndIdTokensIfUnusable:808      No access token found in the cache

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING StorageTokenResponse:15 No credentials found in the cache

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING GetPlatformPropertiesFromStorage:2013       No account found in cache.

Warning: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]  WARNING SetAuthorityUri:78      Initializing authority from URI 'https://login.microsoftonline.com/consumers' without authority type, defaulting to MsSts

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    INFO    SetCorrelationId:258    Set correlation ID: b9260677-31e4-4f48-94ae-463fc8fb451c

Error: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:57Z] [MSAL:0002]    ERROR   ErrorInternalImpl:134   Created an error: 669im, StatusInternal::InteractionRequired, InternalEvent::None, Error Code 2147943717, Context 'Error'

Error: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    ERROR   ErrorInternalImpl:134   Created an error: 4sh5j, StatusInternal::InteractionRequired, InternalEvent::None, Error Code 0, Context 'Wam returned default account that doesn't match the account passed in'

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: b9260677-31e4-4f48-94ae-463fc8fb451c

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: start_time, Value: 2024-09-25T20:59:57.000Z

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_name, Value: AcquireTokenSilently

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: authority_type, Value: MSA

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_status_code, Value: StatusInternal::InteractionRequired

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: client_id, Value: 374828b9-b8ff-4b76-997e-fe09a7dbf91d

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: correlation_id, Value: b9260677-31e4-4f48-94ae-463fc8fb451c

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: broker_app_used, Value: true

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: stop_time, Value: 2024-09-25T20:59:58.000Z

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: all_error_tags, Value: 4sh5j|4sh5j

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.1

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: original_authority, Value: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: request_eligible_for_broker, Value: true

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: additional_query_parameters_count, Value: 1

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: storage_read, Value: DAMD

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: is_successful, Value: false

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: wam_telemetry, Value: {"x_ms_clitelem":"1,0,0,91966043.0862,I","ui_visible":false,"tenant_id":"72f988bf-86f1-41af-91ab-2d7cd011db47","scope":"499b84ac-1321-427f-aa17-267ca6975798/.default offline_access openid profile","redirect_uri":"ms-appx-web://Microsoft.AAD.BrokerPlugin/374828b9-b8ff-4b76-997e-fe09a7dbf91d","provider_id":"https://login.windows.net","http_status":200,"http_event_count":1,"http_content_type":"application/jose; charset=utf-8","http_content_size":10787,"device_join":"aadj","correlation_id":"{b9260677-31e4-4f48-94ae-463fc8fb451c}","client_id":"374828b9-b8ff-4b76-997e-fe09a7dbf91d","ccs_failover_v2":"1.P","cache_event_count":0,"broker_version":"10.0.26100.1591","authority":"https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47","api_error_code":0,"account_join_on_start":"primary","account_join_on_end":"primary","account_id":"bb193749-8404-4bf5-963f-83eaea23e288","silent_code":0,"silent_bi_sub_code":0,"silent_message":"","silent_status":0,"is_cached":0}

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: transfer_token_request, Value: failed

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: transfer_token_error, Value: PII logging enabled on client.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: auth_flow, Value: Broker

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: broker_error_location, Value: 4sh5j

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_error_code, Value: 0

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: server_suberror_code, Value: PII logging enabled on client.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_error_tag, Value: 4sh5j

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: api_error_context, Value: PII logging enabled on client.

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: authorization_type, Value: WindowsIntegratedAuth

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:430    Key: request_duration, Value: 1788

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:435    Printing Execution Flow:

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [MSAL:0002]    INFO    LogTelemetryData:443    {"t":"4s7uc","tid":3,"ts":0,"l":2},{"t":"4sufd","tid":3,"ts":0,"s":2,"l":2},{"t":"4swgg","tid":3,"ts":0,"s":2,"l":2},{"t":"4swgf","tid":3,"ts":0,"s":1,"l":2},{"t":"4swgi","tid":2,"ts":0,"s":2,"l":2},{"t":"8b2yn","tid":2,"ts":0,"l":2},{"t":"8dqkx","tid":2,"ts":1,"l":2},{"t":"8dqik","tid":2,"ts":1,"l":2},{"t":"4q2di","tid":2,"ts":1,"l":2},{"t":"4qnng","tid":2,"ts":1,"l":2,"a":2,"ie":0},{"t":"4qnnf","tid":2,"ts":1,"l":2,"a":2,"ie":1},{"t":"8dqit","tid":2,"ts":1,"l":2},{"t":"8dqiu","tid":2,"ts":1,"l":2},{"t":"8b2ht","tid":2,"ts":1,"l":2},{"t":"4qnno","tid":2,"ts":1,"l":2,"a":2,"ie":0},{"t":"4qnnn","tid":2,"ts":1,"l":2,"a":2,"ie":1},{"t":"8dqiq","tid":2,"ts":1,"l":2},{"t":"8dqir","tid":2,"ts":1,"l":2},{"t":"4qwi1","tid":2,"ts":2,"l":2},{"t":"4qnna","tid":2,"ts":2,"l":2,"a":2,"ie":0},{"t":"4qnm9","tid":2,"ts":2,"l":2,"a":2,"ie":1},{"t":"8dqin","tid":2,"ts":2,"l":2},{"t":"4qnno","tid":2,"ts":2,"l":2,"a":2,"ie":0},{"t":"4qnnn","tid":2,"ts":2,"l":2,"a":2,"ie":1},{"t":"8b2hu","tid":2,"ts":2,"l":2},{"t":"5b8fg","tid":2,"ts":5,"l":2},{"t":"8dqk0","tid":2,"ts":5,"l":2},{"t":"4qnng","tid":2,"ts":5,"l":2,"a":2,"ie":0},{"t":"4qnnf","tid":2,"ts":5,"l":2,"a":2,"ie":1},{"t":"8dqjd","tid":2,"ts":5,"l":2},{"t":"694nj","tid":2,"ts":5,"l":2,"a":10,"ie":0},{"t":"4vw1f","tid":2,"ts":5,"l":2},{"t":"4wqnh","tid":2,"ts":5,"l":2},{"t":"4vw1c","tid":2,"ts":8,"l":2},{"t":"4vw1b","tid":2,"ts":8,"l":2},{"t":"4vu2v","tid":2,"ts":8,"l":2},{"t":"4wqni","tid":2,"ts":8,"l":2},{"t":"4ygv8","tid":2,"ts":319,"l":2},{"t":"4ygv9","tid":2,"ts":319,"l":2},{"t":"4ygwa","tid":2,"ts":319,"l":2},{"t":"4vw1a","tid":2,"ts":319,"l":2},{"t":"4wqnf","tid":2,"ts":319,"l":2},{"t":"8dqmi","tid":2,"ts":329,"l":2},{"t":"4wqnh","tid":2,"ts":329,"l":2},{"t":"4vw1c","tid":2,"ts":332,"l":2},{"t":"4vw1b","tid":2,"ts":332,"l":2},{"t":"4vu2v","tid":2,"ts":332,"l":2},{"t":"4wqni","tid":2,"ts":332,"l":2},{"t":"6omfo","tid":2,"ts":339,"l":2},{"t":"4vw1a","tid":2,"ts":339,"l":2},{"t":"4wqm5","tid":2,"ts":339,"l":2},{"t":"4wqm7","tid":2,"ts":339,"l":2},{"t":"6m025","tid":2,"ts":450,"l":2},{"t":"58yep","tid":2,"ts":450,"l":2},{"t":"4wqm5","tid":2,"ts":450,"l":2},{"t":"4wqm7","tid":2,"ts":450,"l":2},{"t":"8dql1","tid":2,"ts":1787,"l":2},{"t":"4qopb","tid":2,"ts":1787,"l":2},{"t":"4sh5o","tid":2,"ts":1787,"l":2},{"t":"4sh5n","tid":2,"ts":1787,"l":2},{"t":"4sh5m","tid":2,"ts":1787,"l":2},{"t":"4sh5l","tid":2,"ts":1787,"l":2},{"t":"4sh5k","tid":2,"ts":1787,"l":2},{"t":"694nk","tid":2,"ts":1787,"l":2,"a":10,"ie":1},{"t":"8dqk1","tid":2,"ts":1787,"l":2},{"t":"646u1","tid":2,"ts":1787,"l":2}

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [RuntimeBroker] Could not acquire token silently. Status: InteractionRequired

Context: Wam returned default account that doesn't match the account passed in

Tag: 0x1e4877c9

Informational: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [RuntimeBroker] Processing WAM exception

Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [RuntimeBroker] TelemetryData: {"DATA LIMITED":"Full MSALRuntime telemetry not yet implemented","api_error_context":"Error context redacted, value may be written to log.","api_name":"AcquireTokenSilently","api_status_code":"StatusInternal::InteractionRequired","broker_app_used":"true","client_id":"374828b9-b8ff-4b76-997e-fe09a7dbf91d","correlation_id":"b9260677-31e4-4f48-94ae-463fc8fb451c","is_successful":"false","msal_version":"1.1.0+local","msalruntime_version":"0.16.1"}

Error: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z] [RuntimeBroker] failed_to_acquire_token_silently_from_broker WAM Error

Error Code: 0

Error Message: Wam returned default account that doesn't match the account passed in

Internal Error Code: 508065737
Verbose: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z - b9260677-31e4-4f48-94ae-463fc8fb451c] Broker could not satisfy silent request.

Error: True MSAL 4.61.3.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-09-25 20:59:58Z - b9260677-31e4-4f48-94ae-463fc8fb451c] MSAL.Desktop.4.61.3.0.MsalUiRequiredException:

ErrorCode: failed_to_acquire_token_silently_from_broker

Microsoft.Identity.Client.MsalUiRequiredException: WAM Error

Error Code: 0

Error Message: Wam returned default account that doesn't match the account passed in

Internal Error Code: 508065737
at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.d__5.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Identity.Client.Utils.StopwatchService.d__4.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Identity.Client.Internal.Requests.RequestBase.d__11.MoveNext()

StatusCode: 0

ResponseBody:

Headers:

Relevant code snippets

var app = parameters.GetBrokerPublicClientApplication();

var accounts = await app.GetAccountsAsync();
var existingAccount = accounts.FirstOrDefault();

Microsoft.Identity.Client.AuthenticationResult result;
if (existingAccount != null)
{
    // Try to use the previously signed-in account from the cache.
    result = await app
        .AcquireTokenSilent(scopes.Select((scope) => $"{resource}/{scope}"), existingAccount)
        .ExecuteAsync();
}
else
{
    // If there's no account, try to sign in silently with the account that's signed into Windows.
    result = await app
        .AcquireTokenSilent(scopes.Select((scope) => $"{resource}/{scope}"), PublicClientApplication.OperatingSystemAccount)
        .ExecuteAsync();
}

return result;

Expected behavior

GetAccountsAsync to only return accounts that can sign in.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

[iulico-1]

Do the MSA and AAD account have the same UPN ?

[iulico-1]

@50Wliu, in general this behavior looks by design GetAccountsAsync() returns all accounts that are available on the system not only the accounts that application previously sign-ed in with.

[winstliu]

Thanks. This isn't clear from the docs - https://aka.ms/msal-net-wam says "Try to use the previously signed-in account from the cache" which implies that they have previously successfully signed in to the app, and https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.client.iclientapplicationbase.getaccountsasync?view=msal-dotnet-latest says "Returns all the available accounts in the user token cache for the application", which again seems to point to an app-specific cache, not a global cache.
If that's not the case, can those docs be updated? And a reference to 508065737 be included in https://learn.microsoft.com/en-us/entra/msal/dotnet/advanced/exceptions/wam-errors? i.e. I'd like to see something that says "Gets all accounts available on the system", without any reference to an "application".

As far as UPN, are you asking about the <username>@email part of the account? If so, the usernames are different between the MSA & the AAD.

[rayluo]

Thanks. This isn't clear from the docs - https://aka.ms/msal-net-wam says "Try to use the previously signed-in account from the cache" which implies that they have previously successfully signed in to the app, and https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.client.iclientapplicationbase.getaccountsasync?view=msal-dotnet-latest says "Returns all the available accounts in the user token cache for the application", which again seems to point to an app-specific cache, not a global cache.

The second link is MSAL .Net's documentation. MSAL .Net (and many other MSALs, for that matter) manages tokens for the current app, so, that "Returns all the available accounts in the user token cache for the application" wording was accurate. WAM, on the other hand, manages tokens/accounts on the device. So, both docs are technically correct.

Perhaps a better question to ask is why the code snippet above would end up with "Wam returned default account that doesn't match the account passed in". Semantically, GetAccountsAsync() was supposed to get accounts that are capable to proceed. Is that not the case here, @iulico-1 ?

[bgavrilMS]

Can you share the code for GetBrokerPublicClientApplication @50Wliu ?

[iulico-1]

@rayluo, Error corresponding to tag "tag_4sh5j - Wam returned default account that doesn't match the account passed in" is an t optimization effort where account MSAL.net passes is not found in WAM cache we try to see if the default account matches the passed in account. This is an understood path which can be particularly confusing when WAM per app accounts are in the mix.

[rayluo]

So, was that MSA account established via native MSAL .Net, rather than via WAM? If that would be the case, perhaps the AcquireTokenSilent() would work if it also bypasses WAM. There was a recent concept of account_source that can be used as an indicator to choose different code path inside AcquireTokenSilent().

[winstliu]

GetBrokerPublicClientApplication:

BrokerOptions options = new(BrokerOptions.OperatingSystems.Windows)
{
    Title = "[App Title Here]",
    ListOperatingSystemAccounts = true, // We want work accounts
};

return PublicClientApplicationBuilder
    .Create(this.ClientId)
    .WithAuthority(AzureCloudInstance.AzurePublic, AadAuthorityAudience.AzureAdMyOrg)
    .WithTenantId(this.TenantId)
    .WithLegacyCacheCompatibility(false)
    .WithParentActivityOrWindow(GetConsoleOrTerminalWindow)
    .WithDefaultRedirectUri()
    .WithLogging(new MSALLogger(), true)
    .WithBroker(options)
    .Build();

EDIT: This code changed slightly recently. On the versions currently in production and hitting this issue, WithAuthority used to be:

.WithAuthority(Authority, validateAuthority: false)
.WithInstanceDiscoveryMetadata(LoadInstanceDiscoveryMetadata(authenticationMethod, telemetry))
// No .WithTenantId

So, was that MSA account established via native MSAL .Net, rather than via WAM?

If this is a question for me, how would I check? I would be very surprised if AcquireTokenSilent would work with the MSA, as we have our app set to "Accounts in this organizational directory only (Microsoft only - Single tenant)".

[bgavrilMS]

ListOperatingSystemAccounts = true enables account discovery. When this flag is true, the SDK will return accounts registered in "Accounts" section in Windows.

I don't think you should use this feature. SSO with Windows can be achieved through OperatingSystemAccount concept alone. And then the code will work as you see fit.

@iulico-1 - maybe you should deprecate this API? Or at least hide it from Visual Studio intellisense?