microsoft-authentication-library-for-java

[Bug] acquireTokenSilently method for Operating System account is deprecated

Open MikeVautier opened this issue 1 year ago • 5 comments

Library version used

1.17.2

Java version

17

Scenario

Other - please specify

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

Hi,

I'm trying to use acquireTokenSilently with a WAM to get a token from the Operating System cache.

This works:

     Broker broker = new Broker.Builder()
           .supportWindows(true)
           .build();
     
     PublicClientApplication pca = PublicClientApplication.builder(CLIENT_ID)
           .authority(AUTHORITY)
           .broker(broker)
           .build();

     SilentParameters silentParameters = SilentParameters.builder(SCOPES).build();

     IAuthenticationResult result = pca.acquireTokenSilently(silentParameters).join();
     System.out.println(result.accessToken());

However, SilentParameters.builder(Set<String>) is marked deprecated and for removal in the next major build.

Is this deprecation annotation correct? If so, is there a recommended method to get the token from the OS Account? The only other builder method requires an Account to be supplied, which appears to be for an application-controlled account, not the system account.

Thanks

Relevant code snippets

     Broker broker = new Broker.Builder()
           .supportWindows(true)
           .build();
     
     PublicClientApplication pca = PublicClientApplication.builder(CLIENT_ID)
           .authority(AUTHORITY)
           .broker(broker)
           .build();

     // with no account - this works but is deprecated
     SilentParameters silentParameters = SilentParameters.builder(SCOPES).build();

     // with the PCA account - this throws an error as there are no accounts
     // SilentParameters silentParameters = SilentParameters.builder(SCOPES, pca.getAccounts().join().iterator().next()).build();

     IAuthenticationResult result = pca.acquireTokenSilently(silentParameters).join();
     System.out.println(result.accessToken());

Expected behavior

SilentParameters.builder(SCOPES) to be un-deprecated

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

MikeVautier avatar Oct 03 '24 19:10 MikeVautier

I would like to contribute, please assign...

jayendranar02 avatar Oct 05 '24 06:10 jayendranar02

Ensure that there are accounts in the cache. If you're expecting an account to be available, check the account retrieval logic. Java code:

     // getAccounts() completes with a Set<IAccount>, so take the first entry via an iterator
     Set<IAccount> accounts = pca.getAccounts().join();
     if (accounts.isEmpty()) {
         // Handle the scenario where no accounts are available
     } else {
         SilentParameters silentParameters = SilentParameters.builder(SCOPES, accounts.iterator().next()).build();
         IAuthenticationResult result = pca.acquireTokenSilently(silentParameters).join();
         System.out.println(result.accessToken());
     }

jayendranar02 avatar Oct 05 '24 07:10 jayendranar02

Documentation Review: Review the latest MSAL documentation to see if there are new patterns or methods for silent authentication that replace the deprecated builder.

Update Your Implementation: If the library maintains the new requirement for accounts, adjust your implementation to handle account retrieval properly and use the updated builder method.

jayendranar02 avatar Oct 05 '24 07:10 jayendranar02

Conclusion: Your main concern revolves around the deprecation of a method that you rely on for token acquisition. As libraries evolve, it's common for methods to be deprecated in favor of more robust solutions. Adjusting your code to accommodate these changes will help maintain compatibility with future versions of the library.

jayendranar02 avatar Oct 05 '24 07:10 jayendranar02

Hello @jayendranar02: Long story short, that deprecated SilentParameters builder was originally used for confidential client scenarios (which didn't use an account), but a while back we started handling the silent flow internally so you didn't need to use it (which is why it was deprecated).

However, after support for WAM was added that API was repurposed to handle the new default OS account option when using the broker. It was an oversight to not un-deprecate it and make that behavior more clear, and we will fix that in an upcoming release. No ETA yet, but it is a simple fix and I'll update this thread once we have more info about the release.

Avery-Dunn avatar Oct 06 '24 21:10 Avery-Dunn
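
The pattern discussed in this thread, as an added example (not code from the issue author or the MSAL maintainers): use a cached application account when one exists, otherwise fall back to the account-less builder for the broker's default OS account, with the deprecation warning suppressed in one small method. The `CLIENT_ID`, `AUTHORITY` and `SCOPES` values are placeholders, and the class and method names are hypothetical.

```java
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.SilentParameters;
import com.microsoft.aad.msal4jbrokers.Broker;

import java.net.MalformedURLException;
import java.util.Set;
import java.util.concurrent.CompletionException;

public class OsAccountSilentAuth {
    // Placeholders (assumptions): substitute your app registration's values.
    static final String CLIENT_ID = "<client-id>";
    static final String AUTHORITY = "https://login.microsoftonline.com/<tenant-id>";
    static final Set<String> SCOPES = Set.of("<scope>");

    // Prefer an account already in the application cache; otherwise fall back
    // to the broker's default OS account via the account-less builder.
    // The suppression is scoped to this one method so other uses still warn.
    @SuppressWarnings({"deprecation", "removal"})
    static SilentParameters silentParameters(Set<IAccount> cached) {
        if (!cached.isEmpty()) {
            return SilentParameters.builder(SCOPES, cached.iterator().next()).build();
        }
        return SilentParameters.builder(SCOPES).build();
    }

    public static void main(String[] args) throws MalformedURLException {
        Broker broker = new Broker.Builder().supportWindows(true).build();
        PublicClientApplication pca = PublicClientApplication.builder(CLIENT_ID)
                .authority(AUTHORITY)
                .broker(broker)
                .build();
        try {
            Set<IAccount> cached = pca.getAccounts().join();
            IAuthenticationResult result =
                    pca.acquireTokenSilently(silentParameters(cached)).join();
            // Record who the token is for and when it expires, not the token itself.
            IAccount who = result.account();
            System.out.println("Token acquired for "
                    + (who != null ? who.username() : "unknown account")
                    + ", expires " + result.expiresOnDate());
        } catch (CompletionException e) {
            // join() wraps failures; the cause carries the MSAL error.
            System.err.println("Silent acquisition failed: " + e.getCause());
        }
    }
}
```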