#5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority (#5401)

andkorsh · bgavrilMS · web-flow · commit 53da7c31e2d8 · 2025-08-01T12:42:31.000+01:00
Co-authored-by: Andrew Korshunov &lt;andrew.korshunov@harmonic.ky&gt;
Co-authored-by: Bogdan Gavril &lt;bogavril@microsoft.com&gt;
diff --git a/src/client/Microsoft.Identity.Client/TokenCache.cs b/src/client/Microsoft.Identity.Client/TokenCache.cs
@@ -138,7 +138,7 @@ private void DeleteAccessTokensWithIntersectingScopes(
                 if (accessToken.ClientId.Equals(ClientId, StringComparison.OrdinalIgnoreCase) &&
                     environmentAliases.Contains(accessToken.Environment) &&
                     string.Equals(accessToken.TokenType ?? "", tokenType ?? "", StringComparison.OrdinalIgnoreCase) &&
-                    string.Equals(accessToken.TenantId, tenantId, StringComparison.OrdinalIgnoreCase) &&
+                    string.Equals(accessToken.TenantId ?? "", tenantId ?? "", StringComparison.OrdinalIgnoreCase) &&
                     accessToken.ScopeSet.Overlaps(scopeSet))
                 {
                     requestParams.RequestContext.Logger.Verbose(() => $"Intersecting scopes found: {scopeSet}");

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ private void DeleteAccessTokensWithIntersectingScopes(`
`138`	`138`	`if (accessToken.ClientId.Equals(ClientId, StringComparison.OrdinalIgnoreCase) &&`
`139`	`139`	`environmentAliases.Contains(accessToken.Environment) &&`
`140`	`140`	`string.Equals(accessToken.TokenType ?? "", tokenType ?? "", StringComparison.OrdinalIgnoreCase) &&`
`141`		`- string.Equals(accessToken.TenantId, tenantId, StringComparison.OrdinalIgnoreCase) &&`
	`141`	`+ string.Equals(accessToken.TenantId ?? "", tenantId ?? "", StringComparison.OrdinalIgnoreCase) &&`
`142`	`142`	`accessToken.ScopeSet.Overlaps(scopeSet))`
`143`	`143`	`{`
`144`	`144`	`requestParams.RequestContext.Logger.Verbose(() => $"Intersecting scopes found: {scopeSet}");`