include caeEnabled: true so token is correctly cached (#3573)

* include caeEnabled: true so token is correctly cached

* add test and replace tryCatch with null check

* adjust null check and cae tests

* Update src/Authentication/Authentication.Test/Helpers/AuthenticationHelpersTests.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* auth helper test

* Update src/Authentication/Authentication.Test/Helpers/AuthenticationHelpersTests.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/Authentication/Authentication.Test/Helpers/AuthenticationHelpersTests.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* remove redundant catch

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: ramsessanchez

src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs

@@ -160,7 +160,19 @@ private static async Task<DeviceCodeCredential> GetDeviceCodeCredentialAsync(IAu
                 TokenCachePersistenceOptions = GetTokenCachePersistenceOptions(authContext),
                 DeviceCodeCallback = (code, cancellation) =>
                 {
-                    GraphSession.Instance.OutputWriter.WriteObject(code.Message);
+                    if (GraphSession.Exists)
+                    {
+                        try
+                        {
+                            GraphSession.Instance.OutputWriter.WriteObject(code.Message);
+                            return Task.CompletedTask;
+                        }
+                        catch (InvalidOperationException)
+                        {
+                            // Fall through to console output if OutputWriter is unavailable.
+                        }
+                    }
+                    Console.WriteLine(code.Message);
                     return Task.CompletedTask;
                 }
             };
@@ -272,12 +284,14 @@ public static async Task<IAuthContext> AuthenticateAsync(IAuthContext authContex
             return signInAuthContext;
         }
 
-        private static async Task<IAuthContext> SignInAsync(IAuthContext authContext, CancellationToken cancellationToken = default)
+        internal static async Task<IAuthContext> SignInAsync(IAuthContext authContext, CancellationToken cancellationToken = default, TokenCredential tokenCredential = null)
         {
             if (authContext is null)
                 throw new AuthenticationException(ErrorConstants.Message.MissingAuthContext);
-            var tokenCredential = await GetTokenCredentialAsync(authContext, cancellationToken).ConfigureAwait(false);
-            var token = await tokenCredential.GetTokenAsync(new TokenRequestContext(GetScopes(authContext)), cancellationToken).ConfigureAwait(false);
+            tokenCredential ??= await GetTokenCredentialAsync(authContext, cancellationToken).ConfigureAwait(false);
+            // Use isCaeEnabled: true to match the TokenRequestContext that AzureIdentityAccessTokenProvider will use
+            // during API calls, ensuring MSAL caches a CAE-capable token that can be found silently later.
+            var token = await tokenCredential.GetTokenAsync(new TokenRequestContext(GetScopes(authContext), isCaeEnabled: true), cancellationToken).ConfigureAwait(false);
             JwtHelpers.DecodeJWT(token.Token, account: null, ref authContext);
             return authContext;
         }