Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] acquireTokenSilently method for Operating System account is deprecated #868

Open
MikeVautier opened this issue Oct 3, 2024 · 5 comments
Open

[Bug] acquireTokenSilently method for Operating System account is deprecated #868

MikeVautier opened this issue Oct 3, 2024 · 5 comments
Labels
Broker For issues related to the msal4j-brokers package P2 Normal priority items, should be done after P1 public-client For questions/issues related to public client apps

Comments

@MikeVautier
Copy link

Library version used

1.17.2

Java version

17

Scenario

Other - please specify

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

Hi,

I'm trying to use acquireTokenSilently with a WAM to get a token from the Operating System cache.

This works:

     Broker broker = new Broker.Builder()
           .supportWindows(true)
           .build();
     
     PublicClientApplication pca = PublicClientApplication.builder(CLIENT_ID)
           .authority(AUTHORITY)
           .broker(broker)
           .build();

     SilentParameters silentParameters = SilentParameters.builder(SCOPES).build();

     IAuthenticationResult result = pca.acquireTokenSilently(silentParameters).join();
     System.out.println(result.accessToken());

However, SilentParameters.builder(Set<String>) is marked deprecated and for removal in the next major build.

Is this deprecation annotation correct? If so, is there a recommended method to get the token from the OS Account? The only other builder method requires an Account to be supplied, which appears to be for an application-controlled account, not the system account.

Thanks

Relevant code snippets

Broker broker = new Broker.Builder()
           .supportWindows(true)
           .build();
     
     PublicClientApplication pca = PublicClientApplication.builder(CLIENT_ID)
           .authority(AUTHORITY)
           .broker(broker)
           .build();

     // with no account - this works but is deprecated
     SilentParameters silentParameters = SilentParameters.builder(SCOPES).build();

     // with the PCA account - this throws an error as there are no accounts
     // SilentParameters silentParameters = SilentParameters.builder(SCOPES, pca.getAccounts().join().iterator().next()).build();

     IAuthenticationResult result = pca.acquireTokenSilently(silentParameters).join();
     System.out.println(result.accessToken());

Expected behavior

SilentParameters.builder(SCOPES) to be un-deprecated

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response
@MikeVautier MikeVautier added needs attention Automatically used when an issue is created through an issue template untriaged Automatically used when an issue is created through an issue template labels Oct 3, 2024
@jayendranar02
Copy link

i do like to contribute pls assign...

@jayendranar02
Copy link

Ensure that there are accounts in the cache. If you're expecting an account to be available, check the account retrieval logic:
java code:-
List accounts = pca.getAccounts().join();
if (accounts.isEmpty()) {
// Handle the scenario where no accounts are available
} else {
SilentParameters silentParameters = SilentParameters.builder(SCOPES, accounts.get(0)).build();
IAuthenticationResult result = pca.acquireTokenSilently(silentParameters).join();
System.out.println(result.accessToken());
}

@jayendranar02
Copy link

Documentation Review: Review the latest MSAL documentation to see if there are new patterns or methods for silent authentication that replace the deprecated builder.

Update Your Implementation: If the library maintains the new requirement for accounts, adjust your implementation to handle account retrieval properly and use the updated builder method.

@jayendranar02
Copy link

Conclusion
Your main concern revolves around the deprecation of a method that you rely on for token acquisition. As libraries evolve, it's common for methods to be deprecated in favor of more robust solutions. Adjusting your code to accommodate these changes will help maintain compatibility with future versions of the library.

@Avery-Dunn
Copy link
Collaborator

Hello @jayendranar02 : Long story short, that deprecated SilentParameters builder was originally used for confidential client scenarios (which didn't use an account), but a while back we started handling the silent flow internally so you didn't need to use it (which is why it was deprecated)

However, after support for WAM was added that API was repurposed to handle the new default OS account option when using the broker. It was an oversight to not un-deprecate it and make that behavior more clear, and we will fix that in an upcoming release. No ETA yet, but it is a simple fix and I'll update this thread once we have more info about the release.

@Avery-Dunn Avery-Dunn added P2 Normal priority items, should be done after P1 public-client For questions/issues related to public client apps Broker For issues related to the msal4j-brokers package and removed needs attention Automatically used when an issue is created through an issue template untriaged Automatically used when an issue is created through an issue template labels Oct 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Broker For issues related to the msal4j-brokers package P2 Normal priority items, should be done after P1 public-client For questions/issues related to public client apps
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MikeVautier @Avery-Dunn @jayendranar02