Cache tokens don't work with ADAL 5.1.0.0 with broker and InTune SDK

Question

Cache tokens don't work with ADAL 5.1.0.0 with broker and InTune SDK

Closed this issue 5 years ago · 15 comments

Deleted user commented 5 years ago

Which Version of ADAL are you using ?
5.1.0.0

Which platform has the issue?
Xamarin Android, Xamarin iOS

What authentication flow has the issue?

Other?
ADAL with Broker

Is this a new or existing app?
Existing apps - all 6 apps we have that use Broker and ADAL

Repro
https://github.com/biozal/Xamarin-Forms-Reference-App/blob/master/Mobile.RefApp.Lib/ADAL/AzureAuthenticatorService.cs

Expected behavior
When calling AcquireTokenSilentAsync we expect a token to return after a token is acquired and put into the Token Cache.

Actual behavior
When calling AcquireTokenSilentAsync - the call fails and we handle this via AdalSilentTokenAcquisitionException. In the Exception we call the standard AcquireTokenAsync and that returns a valid token. Upon next call to AcquireTokenSilentAsync it fails again even though when looking at the Pii log there was a token in cache. After the failure, the token is removed from the cache and the next call shows the cache at zero items. Every call to acquire token silent fails so the user is prompted for broker for every call.

Possible Solution
This seems very similar to the other bugs about cache tokens not working:
#1625
#1626

Additional context/ Logs / Screenshots
I have a movie I can make available upon request.

Pii logs are below:

2019-07-20 01:10:47.448 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:47.4379230Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: ADAL PCL.iOS with assembly version '5.1.0.0', file version '5.1.0.0' and informational version '5.1.0' is running...
2019-07-20 01:10:47.449 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:47.4491050Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: === Token Acquisition started: 
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
	Authentication Target: User
	, Authority Host: login.microsoftonline.com
Thread started:  #7
Thread started:  #8
Thread started:  #9
2019-07-20 01:10:47.534 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.5339980Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Returned correlation id 'b2d7dfdd-c8cd-475e-b3a7-c49f63ed1eef' does not match the sent correlation id '0d2bb926-a7cf-4d86-843d-b0bc6265918b'
2019-07-20 01:10:47.568 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.5688680Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Loading from cache.
2019-07-20 01:10:47.572 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.5724020Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Looking up cache for a token...
2019-07-20 01:10:47.579 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.5794550Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: No matching token was found in the cache
2019-07-20 01:10:47.579 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.5795330Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Checking MSAL cache for user token cache
2019-07-20 01:10:47.635 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.6352190Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: A match was found in the MSAL cache ? True
2019-07-20 01:10:47.635 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.6354580Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Refreshing the AT based on the RT.
2019-07-20 01:10:47.635 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:47.6356210Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Refreshing access token...
Thread started:  #10
2019-07-20 01:10:48.535 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5352120Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Response status code does not indicate success: 400 (BadRequest).
2019-07-20 01:10:48.541 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5410140Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: A service exception occurred
2019-07-20 01:10:48.542 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5420590Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: IsDeviceCode? False
2019-07-20 01:10:48.553 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5528360Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: TokenResponse ? True
2019-07-20 01:10:48.565 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5647900Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Either a token was not found or an exception was thrown.
2019-07-20 01:10:48.565 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5655000Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Cannot invoke the broker directly, may require install ...
2019-07-20 01:10:48.567 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5672870Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Check and AcquireToken using broker 
2019-07-20 01:10:48.567 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5676780Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Broker invocation is NOT required
2019-07-20 01:10:48.580 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:10:48.5804400Z: 0d2bb926-a7cf-4d86-843d-b0bc6265918b - AdalLoggerBase.cs: Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException
, ErrorCode: failed_to_acquire_token_silently
---> Inner Exception Details
Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalClaimChallengeException
, ErrorCode: interaction_required
, StatusCode: 0
---> Inner Exception Details
Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException
, ErrorCode: BadRequest
, StatusCode: 400

  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] (System.Boolean respondToDeviceAuthChallenge) [0x00148] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

=== End of inner exception stack trace ===

  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] (System.Boolean respondToDeviceAuthChallenge) [0x00270] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] () [0x0006d] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendHttpMessageAsync (Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IRequestParameters requestParameters) [0x00098] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendTokenRequestByRefreshTokenAsync (System.String refreshToken) [0x000c9] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RefreshAccessTokenAsync (Microsoft.Identity.Core.Cache.AdalResultWrapper result) [0x000a3] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

=== End of inner exception stack trace ===

  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenSilentHandler.SendTokenRequestAsync () [0x00033] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.CheckAndAcquireTokenUsingBrokerAsync () [0x000df] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync () [0x004db] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

2019-07-20 01:10:48.589 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.5895720Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: ADAL PCL.iOS with assembly version '5.1.0.0', file version '5.1.0.0' and informational version '5.1.0' is running...
2019-07-20 01:10:48.589 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.5897300Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: === Token Acquisition started: 
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
	Authentication Target: User
	, Authority Host: login.microsoftonline.com
2019-07-20 01:10:48.591 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.5910050Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Loading from cache.
2019-07-20 01:10:48.592 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.5924110Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Looking up cache for a token...
2019-07-20 01:10:48.592 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.5925040Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: No matching token was found in the cache
2019-07-20 01:10:48.592 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.5925580Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Checking MSAL cache for user token cache
2019-07-20 01:10:48.617 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.6172410Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: A match was found in the MSAL cache ? True
2019-07-20 01:10:48.617 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.6173560Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Refreshing the AT based on the RT.
2019-07-20 01:10:48.617 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:48.6173940Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Refreshing access token...
Thread started:  #11
2019-07-20 01:10:49.347 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3476130Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Response status code does not indicate success: 400 (BadRequest).
2019-07-20 01:10:49.348 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3487080Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: A service exception occurred
2019-07-20 01:10:49.349 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3491720Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: IsDeviceCode? False
2019-07-20 01:10:49.350 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3506970Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: TokenResponse ? True
2019-07-20 01:10:49.359 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3592490Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Either a token was not found or an exception was thrown.
2019-07-20 01:10:49.368 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:10:49.3683700Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: iOS Broker can be invoked. 
2019-07-20 01:10:49.369 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3692660Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Trying to acquire a token using the broker...
2019-07-20 01:10:49.380 EY.Mobile.CTMob.iOS[23741:17272599] 2019-07-20T05:10:49.3798690Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Invoking the iOS broker. 
2019-07-20 01:10:55.020 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0200240Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Processing response from iOS Broker. 
2019-07-20 01:10:55.027 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0271170Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Broker response successful. 
2019-07-20 01:10:55.028 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0287190Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: Storing token in the cache...
2019-07-20 01:10:55.030 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0299790Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: An item was stored in the cache
2019-07-20 01:10:55.044 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0446110Z: 00000000-0000-0000-0000-000000000000 - AdalLoggerBase.cs: Serializing token cache with 1 items.
2019-07-20 01:10:55.052 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0524450Z: 00000000-0000-0000-0000-000000000000 - AdalLoggerBase.cs: Failed to remove adal cache record: 
2019-07-20 01:10:55.055 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0550180Z: 00000000-0000-0000-0000-000000000000 - AdalLoggerBase.cs: Failed to save adal cache record: 
2019-07-20 01:10:55.055 EY.Mobile.CTMob.iOS[23741:17272598] 2019-07-20T05:10:55.0555500Z: bd96c802-43fc-4322-84a2-1589aee00741 - AdalLoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 7/20/2019 5:40:54 AM +00:00
Thread finished: <Thread Pool> #5
Thread finished: <Thread Pool> #6
2019-07-20 01:11:30.456 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.4564640Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: ADAL PCL.iOS with assembly version '5.1.0.0', file version '5.1.0.0' and informational version '5.1.0' is running...
2019-07-20 01:11:30.457 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.4573840Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: === Token Acquisition started: 
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
	Authentication Target: User
	, Authority Host: login.microsoftonline.com
2019-07-20 01:11:30.458 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.4581130Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Loading from cache.
2019-07-20 01:11:30.463 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.4630200Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Looking up cache for a token...
2019-07-20 01:11:30.463 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.4637040Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: No matching token was found in the cache
2019-07-20 01:11:30.464 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.4640020Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Checking MSAL cache for user token cache
2019-07-20 01:11:30.511 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.5116300Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: A match was found in the MSAL cache ? True
2019-07-20 01:11:30.511 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.5118070Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Refreshing the AT based on the RT.
2019-07-20 01:11:30.511 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:30.5118680Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Refreshing access token...
Thread started:  #12
Thread started: <Thread Pool> #13
Thread started: <Thread Pool> #14
2019-07-20 01:11:38.664 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6640350Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Response status code does not indicate success: 400 (BadRequest).
2019-07-20 01:11:38.665 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6653090Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: A service exception occurred
2019-07-20 01:11:38.665 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6658470Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: IsDeviceCode? False
Thread started: <Thread Pool> #15
Thread started: <Thread Pool> #16
Thread started: <Thread Pool> #17
Thread started: <Thread Pool> #18
2019-07-20 01:11:38.671 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6709660Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: TokenResponse ? True
2019-07-20 01:11:38.681 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6815800Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Either a token was not found or an exception was thrown.
2019-07-20 01:11:38.682 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6822170Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Cannot invoke the broker directly, may require install ...
2019-07-20 01:11:38.682 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6824240Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Check and AcquireToken using broker 
2019-07-20 01:11:38.682 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.6826130Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Broker invocation is NOT required
2019-07-20 01:11:38.704 EY.Mobile.CTMob.iOS[23741:17272597] 2019-07-20T05:11:38.7036350Z: 2643331b-dc8e-4178-875b-214e6355e1ea - AdalLoggerBase.cs: Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException
, ErrorCode: failed_to_acquire_token_silently
---> Inner Exception Details
Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalClaimChallengeException
, ErrorCode: interaction_required
, StatusCode: 0
---> Inner Exception Details
Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException
, ErrorCode: BadRequest
, StatusCode: 400

  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] (System.Boolean respondToDeviceAuthChallenge) [0x00148] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

=== End of inner exception stack trace ===

  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] (System.Boolean respondToDeviceAuthChallenge) [0x00270] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] () [0x0006d] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendHttpMessageAsync (Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IRequestParameters requestParameters) [0x00098] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendTokenRequestByRefreshTokenAsync (System.String refreshToken) [0x000c9] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RefreshAccessTokenAsync (Microsoft.Identity.Core.Cache.AdalResultWrapper result) [0x000a3] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

=== End of inner exception stack trace ===

  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenSilentHandler.SendTokenRequestAsync () [0x00033] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.CheckAndAcquireTokenUsingBrokerAsync () [0x000df] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync () [0x004db] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

2019-07-20 01:11:38.734 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7349130Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: ADAL PCL.iOS with assembly version '5.1.0.0', file version '5.1.0.0' and informational version '5.1.0' is running...
2019-07-20 01:11:38.735 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7350860Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: === Token Acquisition started: 
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
	Authentication Target: User
	, Authority Host: login.microsoftonline.com
2019-07-20 01:11:38.735 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7352270Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Loading from cache.
2019-07-20 01:11:38.736 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7366090Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Looking up cache for a token...
2019-07-20 01:11:38.736 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7367240Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: No matching token was found in the cache
2019-07-20 01:11:38.736 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7367960Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Checking MSAL cache for user token cache
2019-07-20 01:11:38.758 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7581990Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: A match was found in the MSAL cache ? True
2019-07-20 01:11:38.758 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7583320Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Refreshing the AT based on the RT.
2019-07-20 01:11:38.758 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7583780Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Refreshing access token...
2019-07-20 01:11:38.764 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7645330Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: ADAL PCL.iOS with assembly version '5.1.0.0', file version '5.1.0.0' and informational version '5.1.0' is running...
2019-07-20 01:11:38.764 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7646440Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: === Token Acquisition started: 
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
	Authentication Target: User
	, Authority Host: login.microsoftonline.com
2019-07-20 01:11:38.764 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7648770Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Loading from cache.
2019-07-20 01:11:38.766 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7660590Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Looking up cache for a token...
2019-07-20 01:11:38.766 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7661470Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: No matching token was found in the cache
2019-07-20 01:11:38.766 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7661840Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Checking MSAL cache for user token cache
2019-07-20 01:11:38.786 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7864260Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: A match was found in the MSAL cache ? True
2019-07-20 01:11:38.786 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7865380Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Refreshing the AT based on the RT.
2019-07-20 01:11:38.786 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:38.7865670Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Refreshing access token...
Thread started:  #19
Thread started:  #20
2019-07-20 01:11:39.487 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4872760Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Response status code does not indicate success: 400 (BadRequest).
2019-07-20 01:11:39.487 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.4872760Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Response status code does not indicate success: 400 (BadRequest).
2019-07-20 01:11:39.488 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4884160Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: A service exception occurred
2019-07-20 01:11:39.488 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.4884160Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: A service exception occurred
2019-07-20T05:11:39.4885280Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: A service exception occurred
2019-07-20 01:11:39.488 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4888060Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: IsDeviceCode? False
2019-07-20 01:11:39.488 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.4888060Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: IsDeviceCode? False
2019-07-20T05:11:39.4888730Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: IsDeviceCode? False
2019-07-20 01:11:39.490 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.4903740Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: TokenResponse ? True
2019-07-20 01:11:39.490 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4903740Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: TokenResponse ? True
2019-07-20 01:11:39.499 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4990790Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Either a token was not found or an exception was thrown.
2019-07-20 01:11:39.499 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.4990790Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Either a token was not found or an exception was thrown.
2019-07-20 01:11:39.499 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4997370Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Cannot invoke the broker directly, may require install ...
2019-07-20 01:11:39.500 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.4999950Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Check and AcquireToken using broker 
2019-07-20 01:11:39.500 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.5001990Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Broker invocation is NOT required
2019-07-20 01:11:39.503 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5034390Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: iOS Broker can be invoked. 
2019-07-20 01:11:39.504 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.5041560Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Trying to acquire a token using the broker...
2019-07-20 01:11:39.511 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:39.5115170Z: 27c2d418-6fc1-4114-8340-3d1713b4d80e - AdalLoggerBase.cs: Invoking the iOS broker. 
2019-07-20 01:11:39.519 EY.Mobile.CTMob.iOS[23741:17272907] 2019-07-20T05:11:39.5191380Z: 7b849622-1f12-4d28-9492-0a5778f6357b - AdalLoggerBase.cs: Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException
, ErrorCode: failed_to_acquire_token_silently
---> Inner Exception Details
Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalClaimChallengeException
, ErrorCode: interaction_required
, StatusCode: 0
---> Inner Exception Details
Exception type: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException
, ErrorCode: BadRequest
, StatusCode: 400

  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] (System.Boolean respondToDeviceAuthChallenge) [0x00148] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

=== End of inner exception stack trace ===

  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] (System.Boolean respondToDeviceAuthChallenge) [0x00270] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.Identity.Core.OAuth2.OAuthClient.GetResponseAsync[T] () [0x0006d] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendHttpMessageAsync (Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IRequestParameters requestParameters) [0x00098] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendTokenRequestByRefreshTokenAsync (System.String refreshToken) [0x000c9] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RefreshAccessTokenAsync (Microsoft.Identity.Core.Cache.AdalResultWrapper result) [0x000a3] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

=== End of inner exception stack trace ===

  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenSilentHandler.SendTokenRequestAsync () [0x00033] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.CheckAndAcquireTokenUsingBrokerAsync () [0x000df] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync () [0x004db] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

2019-07-20 01:11:39.529 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5291130Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: ADAL PCL.iOS with assembly version '5.1.0.0', file version '5.1.0.0' and informational version '5.1.0' is running...
2019-07-20 01:11:39.529 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5292630Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: === Token Acquisition started: 
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
	Authentication Target: User
	, Authority Host: login.microsoftonline.com
2019-07-20 01:11:39.529 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5296700Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Loading from cache.
2019-07-20 01:11:39.530 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5309250Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Looking up cache for a token...
2019-07-20 01:11:39.531 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5310110Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: No matching token was found in the cache
2019-07-20 01:11:39.531 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5310650Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Checking MSAL cache for user token cache
2019-07-20 01:11:39.550 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5506680Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: A match was found in the MSAL cache ? True
2019-07-20 01:11:39.550 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5508090Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Refreshing the AT based on the RT.
2019-07-20 01:11:39.550 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:39.5508690Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Refreshing access token...
2019-07-20 01:11:39.557 EY.Mobile.CTMob.iOS[23741:17272911] 2019-07-20T05:11:39.5573650Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Exception type: System.Threading.Tasks.TaskCanceledException

  at System.Net.Http.NSUrlSessionHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x001d4] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/src/Foundation/NSUrlSessionHandler.cs:342 
  at System.Net.Http.HttpClient.SendAsyncWorker (System.Net.Http.HttpRequestMessage request, System.Net.Http.HttpCompletionOption completionOption, System.Threading.CancellationToken cancellationToken) [0x00080] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClient.cs:276 
  at Microsoft.Identity.Core.Http.HttpManager.ExecuteAsync (System.Uri endpoint, System.Collections.Generic.IDictionary`2[TKey,TValue] headers, System.Net.Http.HttpContent body, System.Net.Http.HttpMethod method) [0x000c5] in <b4c672b41d6c4caeabfd2f73c4478177>:0 
  at Microsoft.Identity.Core.Http.HttpManager.ExecuteWithRetryAsync (System.Uri endpoint, System.Collections.Generic.IDictionary`2[TKey,TValue] headers, System.Net.Http.HttpContent body, System.Net.Http.HttpMethod method, Microsoft.Identity.Core.RequestContext requestContext, System.Boolean doNotThrow, System.Boolean retry) [0x00134] in <b4c672b41d6c4caeabfd2f73c4478177>:0 

2019-07-20 01:11:39.557 EY.Mobile.CTMob.iOS[23741:17272911] 2019-07-20T05:11:39.5575230Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Retrying one more time..
Thread started:  #21
2019-07-20 01:11:41.169 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1689390Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Response status code does not indicate success: 400 (BadRequest).
2019-07-20 01:11:41.173 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1702080Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: A service exception occurred
2019-07-20 01:11:41.174 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1740080Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: IsDeviceCode? False
2019-07-20 01:11:41.175 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1755290Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: TokenResponse ? True
2019-07-20 01:11:41.184 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1838440Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Either a token was not found or an exception was thrown.
2019-07-20 01:11:41.187 EY.Mobile.CTMob.iOS[23741:17272540] 2019-07-20T05:11:41.1876450Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: iOS Broker can be invoked. 
2019-07-20 01:11:41.188 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1884590Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Trying to acquire a token using the broker...
2019-07-20 01:11:41.198 EY.Mobile.CTMob.iOS[23741:17272909] 2019-07-20T05:11:41.1977900Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Invoking the iOS broker. 
2019-07-20 01:11:45.336 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3367880Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Processing response from iOS Broker. 
2019-07-20 01:11:45.342 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3423770Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Broker response successful. 
2019-07-20 01:11:45.342 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3429470Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: Storing token in the cache...
2019-07-20 01:11:45.343 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3438800Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: An item was stored in the cache
2019-07-20 01:11:45.352 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3524410Z: 00000000-0000-0000-0000-000000000000 - AdalLoggerBase.cs: Serializing token cache with 1 items.
2019-07-20 01:11:45.354 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3544360Z: 00000000-0000-0000-0000-000000000000 - AdalLoggerBase.cs: Failed to remove adal cache record: 
2019-07-20 01:11:45.358 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3585120Z: 00000000-0000-0000-0000-000000000000 - AdalLoggerBase.cs: Failed to save adal cache record: 
2019-07-20 01:11:45.358 EY.Mobile.CTMob.iOS[23741:17272910] 2019-07-20T05:11:45.3587890Z: a018d5f4-fd04-44ad-a3a9-13a295519b67 - AdalLoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 7/20/2019 5:40:54 AM +00:00

Answer 1 · 2019-07-24T12:34:21.000Z

I will also add this didn't start happening to us until we updated Microsoft Authenticator and Company Portal. I'm starting to believe something else has changed with Broker.

Answer 2 · 2019-07-24T12:40:42.000Z

@biozal which version of authenticator and company portal is being used?

Answer 3 · 2019-07-24T12:48:44.000Z

@biozal which version of authenticator and company portal is being used?

iOS:
Microsoft Authenticator: 6.3.7
Company Portal: 3.9.0

Android:
5.0.4464.0

The logs you see are from iOS.

Answer 4 · 2019-07-24T12:48:58.000Z

@biozal also....can you share the company portal incident ID and same for authenticator (and send authenticator logs via the app)? Thx

Answer 5 · 2019-07-24T12:54:28.000Z

Multiple phones:
Company Portal Incident ID: E2B8856E
Company Portal Incident ID: 646C3DF7

Waiting for logs in email, will attach when they come into email.

Answer 6 · 2019-07-24T12:57:04.000Z

Authenticator: M4RHPPF
Authenticator: KXZFS6ZF

Answer 7 · 2019-07-24T12:57:27.000Z

@biozal Thank you.

Answer 8 · 2019-07-24T12:58:39.000Z

@jennyf19 - I'm have time after 11 AM EST to debug this so I'll try to get more information for you on what's going on.

Answer 9 · 2019-07-24T12:59:13.000Z

@biozal sounds good. in the meantime, i'll send those IDs to our broker teams and see if they can provide any additional insights.

Answer 10 · 2019-07-24T13:11:50.000Z

Learned something new - XCode Device logs with Pii logs enabled give you a far better idea what's going on. I debugged this time with one of our QA phones and got better logs. I'm going to email them to you because they contain a ton of private information I can't share on the internet. You should be able to give this to the broker team as I think it shows what's going on really well.

Answer 11 · 2019-07-24T19:07:29.000Z

So I have found the source of the issue. I opened the bug on the where when we used the string value for the Azure tenant, it would not save tokens properly in 5.1.0.0 here:
#1626

We put a patch into our apps to change the authority we use from string value to the GUID value of our tenant to resolve this issue. As part of my testing, I removed all the tokens from my phones using the following sample code:
https://github.com/biozal/Xamarin-Forms-Reference-App/blob/master/Mobile.RefApp.Lib/ADAL/AzureAuthenticatorService.cs

The method name is ClearCachedTokens method in that class. Everything started working fine for me. However what I didn't know is that other users continued to get prompted and the token cache continued to not function properly for everyone else. I looked at a few users token cache they have two tokens in the cache: one is for the string value of the authority and one is for the guid value of the authority. I believe this is in conflict where when the ADAL library tries to update the cache token it finds two results back for the same authority and because of that it never updates the token cache and bombs out.

I kind of confirmed this by using the XCode Device Console to watch what was going between Microsoft Authenticator and one our apps while it was trying to pull down tokens using the Aquire Token Silent option:

default 08:59:02.661791 -0400 securityd insert failed for item <genp,rowid=null,cdat=2019-07-24 12:59:02 +0000,mdat=2019-07-24 12:59:02 +0000,desc=Storage for cache,icmt=ADAL.PCL.iOS Cache,crtr=null,type=null,scrp=null,labl=ADAL.PCL.iOS Label,alis=null,invi=null,nega=null,cusi=null,prot=null,acct=ADAL.PCL.iOS cache,svce=ADAL.PCL.iOS Service,gena=xxxxxxdata=xxxxxxxxxxxxxxxxxx…|2a174ecc7f249d2,agrp=xxxxxxxxxxxpdmn=dk,sync=0,tomb=0,sha1=xxxxxxxxxx,vwht=null,tkid=null,v_Data=<?>,v_pk=xxxxxxx,accc=null,u_Tomb=null,musr=,UUID=xxxxxxx,sysb=null,pcss=null,pcsk=null,pcsi=null,persistref=> with Error Domain=com.apple.utilities.sqlite3 Code=19 "finalize: 0x105464200: [19->2067] UNIQUE constraint failed: genp.acct, genp.svce, genp.agrp, genp.sync, genp.vwht, genp.tkid, genp.musr" UserInfo={NSDescription=finalize: 0x105464200: [19->2067] UNIQUE constraint failed: genp.acct, genp.svce, genp
default 08:59:02.663524 -0400 securityd EY.Mobile.xxxx.[456]/1#4 LF=0 add Error Domain=NSOSStatusErrorDomain Code=-25299 "duplicate item O,genp,2E0CAAF0,L,dk,xxxxx.xxxxxxxx,0,desc,icmt,labl,acct,svce,gena,v_Data,musr,20190724125902.575159Z,8539FC66" UserInfo={NSDescription=duplicate item O,genp,2E0CAAF0,L,dk,xxxxxx.xxxxxxxxxxxx0,desc,icmt,labl,acct,svce,gena,v_Data,musr,xxxxxxx,xxxxxxxxxx}

Note I modified the data with xxxx to hide sensitive data about our applications. This is right after the PII logs provided try to write the token to cache. If I completely clear the token cache for these users and then acquire a token, the token cache starts functioning properly since we are only using the GUID value of the authority. Using the XCode Device Console logs - I also validated it's Microsoft Authenticator that in fact is converting the authority from string value that we pass in and returning it as the GUID. I have provide that log in an email message to @jennyf19 as it contains very sensitive information. Our work around is for users to use the development screens we have created to manually clear the token cache from there device, which so far has resolved the issue for us.

As for other people having the issue - it would be nice if the ADAL library saw that there were two records in the cache would instead of throwing out the new cache token to write would throw out the two tokens in the cache and replace them with the new one that it just acquired from broker. That would resolve this issue for others and stop the bug from happening again with a different test case.

Answer 12 · 2019-09-11T20:54:45.000Z

@jennyf19 : how is MSAL handling the same situation?

Answer 13 · 2019-09-11T21:07:34.000Z

@henrik-me I believe this was resolved. I'd have to look back through my notes thought...maybe @biozal has a better memory? we had several of these issues in sequence, not sure the specific outcome of this one.

Answer 14 · 2019-11-14T19:01:27.000Z

@biozal : please feel free to reopen if this is not working

Answer 15 · 2020-07-18T10:44:03.000Z

We put a patch into our apps to change the authority we use from string value to the GUID value of our tenant to resolve this issue. As part of my testing, I removed all the tokens from my phones using the following sample code:
https://github.com/biozal/Xamarin-Forms-Reference-App/blob/master/Mobile.RefApp.Lib/ADAL/AzureAuthenticatorService.cs

Hey @biozal , I am facing the same issue but in UWP. Can you tell me where exactly can I find the GUID value of the authority? I checked my Azure manifest, but couldn't find any :/