
Multi-tenant issue with native broker authentication #8206

@HuihuiWu-Microsoft

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

3.8.3

Wrapper Library

MSAL Node Extensions (@azure/msal-node-extensions)

Wrapper Library Version

1.5.25

Public or Confidential Client?

Public

Description

Image

Error Message

No response

MSAL Logs

msal-broker-log.txt

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

const config = {
  auth: {
    clientId: "7ea7c24c-b1f6-4a20-9d11-9ae12e9e7ac0",
    authority: "https://login.microsoftonline.com/common",
  },
  broker: {
    nativeBrokerPlugin: new NativeBrokerPlugin(),
  },
  system: {
    loggerOptions: {
      // @ts-ignore
      loggerCallback(loglevel, message, containsPii) {
        switch (loglevel) {
          case LogLevel.Error:
            VsCodeLogInstance.error(message);
            return;
          case LogLevel.Info:
            VsCodeLogInstance.info(message);
            return;
          case LogLevel.Verbose:
            VsCodeLogInstance.debug(message);
            return;
          case LogLevel.Warning:
            VsCodeLogInstance.warning(message);
            return;
          default:
            VsCodeLogInstance.verbose(message);
            return;
        }
      },
      piiLoggingEnabled: false,
      logLevel: LogLevel.Trace,
    },
  },
  cache: {
    cachePlugin,
  },
};

Relevant Code Snippets

Get token for tenant B through force refresh -> succeed:
const res = await this.pca.acquireTokenSilent({
  authority: `https://login.microsoftonline.com/${tenantId_B}`,
  claims: '{ "id_token": {}}',
});
Get AccountInfo for user under tenant B after acquire token silently -> no account item with tenant B listed:
const allAccounts = await this.pca.getAllAccounts();

Reproduction Steps

Image

Expected Behavior

AccountInfo item can be retrieved from getAllAccounts API for user where the tenant id field is tenant B id

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Other

Regression

No response

Metadata

    Labels

      • Needs: Attention 👋 (Awaiting response from the MSAL.js team)
      • bug-unconfirmed (A reported bug that needs to be investigated and confirmed)
      • msal-node (Related to msal-node package)
      • msal-node-extensions (Related to msal-node-extensions package)
      • public-client (Issues regarding PublicClientApplications)
      • question (Customer is asking for a clarification, use case or information.)
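
A triage check for the behavior reported in this issue, added here as an example; it is not code from the issue author or from the MSAL project. It assumes AccountInfo-shaped objects carrying homeAccountId, tenantId and an optional tenantProfiles Map, and a token result carrying tenantId and account; the function names findTenantView and checkTenantConsistency and all sample values are hypothetical.

```javascript
// Added example. Plain objects stand in for MSAL's AccountInfo and
// AuthenticationResult; only the fields read below are assumed.

// Report how `tenantId` shows up for one user in an account list:
// as its own account entry, as a tenantProfiles entry, or not at all.
function findTenantView(accounts, homeAccountId, tenantId) {
  const want = tenantId.toLowerCase();
  const sameUser = accounts.filter((a) => a.homeAccountId === homeAccountId);
  const direct = sameUser.find((a) => (a.tenantId || "").toLowerCase() === want);
  if (direct) return { kind: "account", account: direct };
  for (const a of sameUser) {
    const profiles = a.tenantProfiles instanceof Map ? a.tenantProfiles : new Map();
    for (const [tid, profile] of profiles) {
      if (tid.toLowerCase() === want) return { kind: "tenantProfile", account: a, profile };
    }
  }
  return { kind: "missing" };
}

// Compare a token result against the tenant that was requested and against
// the account list, so a caller never silently falls back to the home tenant.
function checkTenantConsistency(result, accounts, requestedTenantId) {
  const problems = [];
  if ((result.tenantId || "").toLowerCase() !== requestedTenantId.toLowerCase()) {
    problems.push("token-tenant-mismatch");
  }
  const homeId = result.account ? result.account.homeAccountId : undefined;
  const view = findTenantView(accounts, homeId, requestedTenantId);
  if (view.kind === "missing") problems.push("tenant-not-in-account-cache");
  return { ok: problems.length === 0, view: view.kind, problems };
}

// Constructed sample data (not taken from the issue's logs).
const TENANT_A = "aaaaaaaa-0000-4000-8000-000000000001";
const TENANT_B = "bbbbbbbb-0000-4000-8000-000000000002";
const HOME_ID = `11111111-0000-4000-8000-000000000003.${TENANT_A}`;
const homeOnly = [{ homeAccountId: HOME_ID, tenantId: TENANT_A, username: "user@example.com" }];
const withProfile = [{
  ...homeOnly[0],
  tenantProfiles: new Map([[TENANT_B, { tenantId: TENANT_B, isHomeTenant: false }]]),
}];
const tokenForB = { tenantId: TENANT_B, account: { homeAccountId: HOME_ID, tenantId: TENANT_B } };

console.log(checkTenantConsistency(tokenForB, homeOnly, TENANT_B));    // the reported state
console.log(checkTenantConsistency(tokenForB, withProfile, TENANT_B)); // tenant B visible
```

Run against the real getAllAccounts() output, a "missing" view together with a matching token tenant reproduces the state described in this issue.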
