Closed
Description
Library version used
4.66.0
.NET version
.NET8
Scenario
PublicClient - desktop app
Is this a new or an existing app?
None
Issue description and reproduction steps
Hello, I wanted to ask for guidance with WAM and FIDO/passwordless:
- basically using the way described in the example here (just without cache): https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.client.publicclientapplication?view=msal-dotnet-latest
- when using WAM with a different account than my own Windows account (an account from a different tenant), I get MsalUIRequiredException, call AcquireTokenInteractive() and get a UI with a built-in WebView
- UI gets displayed, offering various methods of authentication:
- however only password-based auth works. When selecting 'Use your face, fingerprint, PIN, or security key instead' option, then error occurs:
- even after entering the password, conditional access requires MFA, and again, option 'Face, fingerprint, PIN, or security key' does not work, producing the same error - at least I can use Azure Authenticator to verify my account
Getting the same behavior when logging in to Windows App to get access to my W365 desktop in a different tenant - so I believe this is not just a problem with my code.
I'm wondering what is and is not supported with WAM and passwordless when UI gets required for authentication. FIDO itself works fine for me with other authentication flows (e.g. Interactive login via Edge browser).
Relevant code snippets
No response
Expected behavior
'Face, fingerprint, PIN, or security key' option works when WAM shows a UI
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
Authenticate with a password and provide the 2nd factor with an MFA method other than FIDO