[Bug] WithTenantId request-level override is ignored for consumer tenant

[ssmelov]

Library version used

4.83.3

.NET version

.NET 472, .NET 8.0

Scenario

ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app?

None

Issue description and reproduction steps

1 - Setup a ConfidentialClientApplication with app-level authority configured.

2 - Override tenant to consumer tenant at request-level

var builder = confidentialApp
    .AcquireTokenForClient(scopes)
    .WithTenantId("9188040d-6c67-4c5b-b112-36a304b66dad");

3 - Try to acquire a token

var result = await builder
    .ExecuteAsync()
    .ConfigureAwait(false);

4 - request-level authority override is ignored for consumer tenant and app-level authority is used instead for token-acquisition

Relevant code snippets

Expected behavior

A request‑level authority should be honored for the consumer tenant.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

Respect the request-level authority at CreateAuthorityForRequestAsync for consumer tenant:

microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs

Line 568 in b52967e

if (!requestAuthority.IsCommonOrganizationsOrConsumersTenant() ||

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• [Bug] Rare race condition: AcquireTokenForClient returns token for wrong tenant when AuthenticationResult.TenantId is missing under concurrency (.WithTenantIdFromAuthority) #5743

Powered by issue-sentinel

[bgavrilMS]

@Robbie-Microsoft - pls take a look.
@ssmelov - what authority do you set at app lvl?

[ssmelov]

Authority for a different tenant. E.g., https://login.microsoftonline.com/0a890adb-0f4d-4219-8b67-c1e92af2f1b