[React] `useAccount()` returns different user than `useMsal().instance.getActiveAccount()`

[SimonSimCity]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.28.1

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.2.0

Public or Confidential Client?

Public

Description

The following conditions seem required for this bug to show up:

• Your application is a multitenant application.
• Your app allows users not only to log in from their home-tenant, but also to access the application as a guest.

The hook useAccount() returns a different account than the function instance.getActiveAccount() after switching to a tenant where the user is registered as guest. Triggering a re-render of the component holding the changes doesn't help; neither does the hook, provided in the related ticket: #6989 (comment)

Documents I've looked into to write my code:

• https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/docs/multi-tenant-accounts.md
• https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/accounts.md#active-account-apis
• https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/hooks.md#useaccount-hook

Issues this might be related to:

• setActiveAccount() does not force a re-render of the MsalProvider's children #6989

Error Message

No response

MSAL Logs

Switching tenant:

host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function acquireTokenSilentAsync
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function initializeSilentRequest
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function initializeBaseRequest
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from initializeBaseRequest
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from initializeSilentRequest
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - isPlatformBrokerAvailable called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - isPlatformBrokerAvailable: allowPlatformBroker is not enabled, returning false
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function acquireTokenFromCache
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Error occurred in acquireTokenFromCache
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function acquireTokenByRefreshToken
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function silentRefreshClientAcquireToken
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function initializeBaseRequest
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from initializeBaseRequest
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function standardInteractionClientGetClientConfiguration
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function standardInteractionClientGetDiscoveredAuthority
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function authorityFactoryCreateDiscoveredInstance
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function authorityResolveEndpointsAsync
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function authorityUpdateCloudDiscoveryMetadata
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from authorityUpdateCloudDiscoveryMetadata
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function authorityUpdateEndpointMetadata
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from authorityUpdateEndpointMetadata
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.setAuthorityMetadata called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from authorityResolveEndpointsAsync
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from authorityFactoryCreateDiscoveredInstance
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from standardInteractionClientGetDiscoveredAuthority
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from standardInteractionClientGetClientConfiguration
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Executing function refreshTokenClientAcquireTokenByRefreshToken
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function refreshTokenClientAcquireTokenWithCachedRefreshToken
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function cacheManagerGetRefreshToken
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getRefreshToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getRefreshTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getRefreshToken - returning refresh token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from cacheManagerGetRefreshToken
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function refreshTokenClientAcquireToken
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function refreshTokenClientExecuteTokenRequest
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function refreshTokenClientCreateTokenRequestBody
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from refreshTokenClientCreateTokenRequestBody
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function refreshTokenClientExecutePostToTokenEndpoint
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getThrottlingCache: called, no cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function networkClientSendPostRequestAsync
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from networkClientSendPostRequestAsync
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from refreshTokenClientExecutePostToTokenEndpoint
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from refreshTokenClientExecuteTokenRequest
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Executing function handleServerTokenResponse
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.setAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.addAccountKeyToMap called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.setIdTokenCredential called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager addTokenKey called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Info - BrowserCacheManager: addTokenKey - idToken added to map
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.setAccessTokenCredential called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager addTokenKey called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Info - BrowserCacheManager: addTokenKey - accessToken added to map
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.setRefreshTokenCredential called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Executing function encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from encrypt
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from setUserData
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager addTokenKey called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from handleServerTokenResponse
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from refreshTokenClientAcquireToken
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : @azure/msal-common@15.2.1 : Trace - Returning result from refreshTokenClientAcquireTokenWithCachedRefreshToken
 [Tue, 18 Mar 2025 14:01:28 GMT] : [0195a98f-2f9f-7995-afea-4a070777b699] : msal.js.browser@4.7.0 : Trace - Returning result from refreshTokenClientAcquireTokenByRefreshToken
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from silentRefreshClientAcquireToken
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from acquireTokenByRefreshToken
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - Returning result from acquireTokenSilentAsync
 New accounts tenant: "17bb4eba-cb11-4b91-8b76-c57921c22c7e"
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-react@3.0.6 : Info - useAccount - Updating account
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-react@3.0.6 : Info - useAccount - Updating account
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getAccount called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - CacheManager - getIdToken called
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-browser@4.7.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: config
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata called with source: hardcoded_values
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
host-console-events.js:1 [Tue, 18 Mar 2025 14:01:28 GMT] : [] : @azure/msal-common@15.2.1 : Info - CacheManager:getIdToken - Returning ID token

Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

{
  auth: {
    // Any business account is allowed here (https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#authority)
    authority: "https://login.microsoftonline.com/organizations/",
    clientId: import.meta.env.VITE_AZURE_CLIENT_ID,
  },
  cache: {
    // Share login state across tabs and windows
    cacheLocation: "localStorage",
  },
}

Relevant Code Snippets

export const getAuthority = (tenantId: string) =>
  `https://login.microsoftonline.com/${tenantId}/`;

const getActiveAccount = () => {
  const activeAccount = pca.getActiveAccount();
  if (!activeAccount) {
    /*
     * User is not signed in. Throw error or wait for user to login.
     * Do not attempt to log a user in outside of the context of MsalProvider.
     */
    throw new Error("Could not set guest tenant session: No active account!");
  }

  return activeAccount;
};

export const getAuthResult = async (request: SilentRequest & PopupRequest) => {
  try {
    return await pca.acquireTokenSilent(request);
  } catch (error) {
    if (error instanceof InteractionRequiredAuthError) {
      // Possible reasons are expired tokens, MFA (multi-factor authentication) required, etc.
      return await pca.acquireTokenPopup(request);
    } else {
      throw error;
    }
  }
};

export const setTenantAsActive = async (tenantId: string) => {
  const activeAccount = getActiveAccount();

  // Check if the user is already logged in on the given tenant.
  const guestAccount = pca.getAccount({
    homeAccountId: activeAccount.homeAccountId,
    tenantId,
  });

  const request = guestAccount
    ? {
        ...backendAuthRequest,
        account: guestAccount,
        authority: getAuthority(tenantId),
      }
    : {
        ...backendAuthRequest,
        account: activeAccount,
        // Force acquireTokenSilent to use the cached refresh token to acquire an access token from the tenant in the authority instead
        cacheLookupPolicy: CacheLookupPolicy.RefreshToken, // alternatively, you can set forceRefresh: true
        // forceRefresh: true, // TODO: When using `cacheLookupPolicy` instead of this setting, we risk getting an error message telling that an external user is not found in the tenant - specially if he is from a tenant we had loaded the profile of. We need to check the reason for this and create a proper fix.
        authority: getAuthority(tenantId),
      };

  const account = (await getAuthResult(request)).account;
  console.log(`New accounts tenant: ${JSON.stringify(account.tenantId)}`);
  pca.setActiveAccount(account);
};

export const acquireAccessToken = async () => {
  const account = getActiveAccount();
  return (
    await getAuthResult({
      ...backendAuthRequest,
      account,
      authority: getAuthority(account.tenantId),
    })
  ).accessToken;
};

setTenantAsActive(tenantId)

Reproduction Steps

1. Create a new application in an Entra tenant.
   1. Add an authentication for SPA with the URL https://fkjr6y.csb.app/.
   2. On this authentication, set Supported account types to Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
   3. Open Expose and API and register a new scope (remember its name).
   4. Remember the id of the application (client-id).
2. Create a user in an Entra tenant.
3. Invite this user to another Entra tenant.
4. Open https://codesandbox.io/p/sandbox/wonderful-microservice-fkjr6y and set both the client-id and scope in config.js.
5. Log in with the created user.
6. Switch to the other tenant where the users is registered as guest by entering its tenant-id into the input field and press Switch.
7. You should see different tenant-ids.

Expected Behavior

Those tenant-ids should be the same.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Other

Regression

No response