[Bug] ApiContractViolation. Token response failed because declined scopes are present #5232

@mvanchaa

Description

Library version used

4.65.0

.NET version

net 8.0

Scenario

PublicClient - desktop app

Is this a new or an existing app?

The app is in production, and I have upgraded to a new version of MSAL

Issue description and reproduction steps

Users of azureauth have recently been reporting intermittent WAM failures due to "token response failed because declined scopes are present". They are trying to authenticate to Azure DevOps with the default scope. The failures are intermittent: the same user would see the broker succeeding with the same scope, resource and client combination.

Correlation ID: b15d6aef-18ed-4016-afb7-53bad3e90b7a
Exception Type: Microsoft.Identity.Client.MsalServiceException
WAM Error
Error Code: 0
Error Message: ApiContractViolation
WAM Error Message: Token response failed because declined scopes are present:'(pii)'
Internal Error Code: 593794722
Possible causes:

  • Invalid redirect uri - ensure you have configured the following url in the application registration in Azure Portal: ms-appx-web://microsoft.aad.brokerplugin/872cd9fa-d31f-45e0-9eab-6e460a02d1f1

Relevant code snippets

Expected behavior

WAM should succeed. If there is an issue with redirect uri configuration, it shouldn't fail intermittently. It should fail all the time.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response
