@@ -493,40 +493,58 @@ func (c *serviceInfo) GetAccessToken(ctx context.Context) (string, error) {
493493 return "" , err
494494 }
495495 } else {
496- customHttpClient := & clientIdReplacingHttpClient {
497- clientAppUri : c . ClientAppUri ,
498- clientAppId : c . ClientId ,
499- innerClient : http . DefaultClient ,
500- }
496+ obtainTokenFromRefreshToken := func ( clientId string ) ( AccessToken , error ) {
497+ options := []public. Option {
498+ public . WithAuthority ( c . Authority ) ,
499+ public . WithCache ( c ) ,
500+ }
501501
502- // fall back to using the refresh token from the cache
503- client , err := public .New (
504- c .ClientAppUri ,
505- public .WithAuthority (c .Authority ),
506- public .WithCache (c ),
507- public .WithHTTPClient (customHttpClient ),
508- )
502+ if clientId == c .ClientAppUri {
503+ cachedClientId := & clientIdReplacingHttpClient {
504+ clientAppUri : c .ClientAppUri ,
505+ clientAppId : c .ClientId ,
506+ innerClient : http .DefaultClient ,
507+ }
509508
510- if err != nil {
511- return "" , err
512- }
509+ options = append (options , public .WithHTTPClient (cachedClientId ))
510+ }
513511
514- accounts , err := client .Accounts (ctx )
515- if err != nil {
516- return "" , fmt .Errorf ("unable to get accounts from token cache: %w" , err )
517- }
518- if len (accounts ) != 1 {
519- return "" , errors .New ("corrupted token cache" )
520- }
512+ // fall back to using the refresh token from the cache
513+ client , err := public .New (clientId , options ... )
521514
522- authResult , err := client .AcquireTokenSilent (ctx , []string {fmt .Sprintf ("%s/%s" , c .Audience , userScope )}, public .WithSilentAccount (accounts [0 ]))
523- if err != nil {
524- return "" , err
515+ if err != nil {
516+ return AccessToken {}, err
517+ }
518+
519+ accounts , err := client .Accounts (ctx )
520+ if err != nil {
521+ return AccessToken {}, fmt .Errorf ("unable to get accounts from token cache: %w" , err )
522+ }
523+ if len (accounts ) != 1 {
524+ return AccessToken {}, errors .New ("corrupted token cache" )
525+ }
526+
527+ authResult , err := client .AcquireTokenSilent (ctx , []string {fmt .Sprintf ("%s/%s" , c .Audience , userScope )}, public .WithSilentAccount (accounts [0 ]))
528+ if err != nil {
529+ return AccessToken {}, err
530+ }
531+
532+ return AccessToken {
533+ Token : authResult .AccessToken ,
534+ ExpiresOn : authResult .ExpiresOn ,
535+ }, nil
525536 }
526537
527- accessToken = AccessToken {
528- Token : authResult .AccessToken ,
529- ExpiresOn : authResult .ExpiresOn ,
538+ var err error
539+ accessToken , err = obtainTokenFromRefreshToken (c .ClientId )
540+ if err != nil {
541+ // In earlier versions, we logged in using the app identifier uri.
542+ // If that is how the refresh token was obtained, we need to do the cache lookup using
543+ // that as the client ID.
544+ accessToken , err = obtainTokenFromRefreshToken (c .ClientAppUri )
545+ if err != nil {
546+ return "" , err
547+ }
530548 }
531549 }
532550
@@ -1077,7 +1095,7 @@ func (si *serviceInfo) performUserLogin(ctx context.Context, useDeviceCode bool)
10771095func (si * serviceInfo ) Replace (ctx context.Context , unmarshaler cache.Unmarshaler , hints cache.ReplaceHints ) error {
10781096 data , err := base64 .StdEncoding .DecodeString (si .FullCache )
10791097 if err == nil {
1080- unmarshaler .Unmarshal (data )
1098+ err = unmarshaler .Unmarshal (data )
10811099 }
10821100
10831101 return err
0 commit comments