[Bug] Unable to login via broker when using WithWindowsDesktopFeatures #5058
Description
Library version used
4.66.2
.NET version
.net framework 4.7.2
Scenario
PublicClient - desktop app
Is this a new or an existing app?
The app is in production, and I have upgraded to a new version of MSAL
Issue description and reproduction steps
We have a desktop client written in C++/MFC and we use a C++/CLI DLL along with MSAL to log in to Azure B2C. Recently a customer approached us with a requirement that they want to log in using Azure AD conditional access. I believe this is possible using the WAM/broker system. Unfortunately our MSAL libs are very old, so we need to upgrade. Here is where I'm hitting issues.
We're stuck on .NET Framework 4.7.2, and I can get everything working if I set up my public client app using something like this:
```cpp
auto brokerOptions = gcnew BrokerOptions(BrokerOptions::OperatingSystems::Windows);
auto builder = Microsoft::Identity::Client::PublicClientApplicationBuilder::Create(clientId);
Microsoft::Identity::Client::Desktop::WamExtension::WithBroker(builder, brokerOptions);
```
.NET Framework uses an embedded browser for this, and although it works, certain things aren't correct in the embedded browser, such as dropdowns when left-clicking to select the email address.
If I change the code to use WithWindowsDesktopFeatures, the UI in the embedded browser works as I'd expect, but when I try to log in via a federated route and use the WAM broker I get a 'You can't get there from here' error 53000:
```cpp
auto brokerOptions = gcnew BrokerOptions(BrokerOptions::OperatingSystems::Windows);
auto builder = Microsoft::Identity::Client::PublicClientApplicationBuilder::Create(clientId);
Microsoft::Identity::Client::Desktop::DesktopExtensions::WithWindowsDesktopFeatures(builder, brokerOptions);
```
Just wondering what I'm doing wrong. I had a quick look at the code in WithWindowsDesktopFeatures and it seems to be doing a similar thing to the WithBroker call.
Relevant code snippets
No response
Expected behavior
WAM to just work in a .NET Framework app using an embedded browser with desktop support.
Identity provider
Azure B2C Custom Policy
Regression
No response
Solution and workarounds
I can log in OK using a .NET Core app with a non-embedded browser (i.e. using the system browser), but can't seem to get the WAM/broker working using the embedded browser. In .NET Framework I can get the embedded browser to work, but not with the Windows desktop support.