MSAL.PS
MSAL.PS copied to clipboard
AzureAD
Get-MsalToken fails to launch interactive authentication prompt from Windows Terminal
I am using Windows Terminal Preview (v1.16.2524.0) as my default terminal application.
When running Windows PowerShell from Terminal, I'm unable to interactively authenticate.
When running Get-MsalToken I get the below error:
Get-MsalToken : Error creating window handle.
At <redacted>\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Get-MsalToken.ps1:314 char:53
+ ... ionResult = Get-MsalToken -Interactive -PublicClientApplication $Publ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (Microsoft.Ident...arameterBuilder:AcquireTokenInteractiveParameterBuilder) [Write-Error], Win32Exception
+ FullyQualifiedErrorId : GetMsalTokenFailureAuthenticationError,Get-MsalToken
When running the same flow from Windows PowerShell hosted by conhost.exe, Get-MsalToken is able to successfully open the interactive logic pop-up.
I forgot to mention I'm using the latest version of MSAL.PS (v4.37.0.0), though it's implied in the error message.
I'm also able to repro this issue, interestingly this only seems to occur if you launch Windows PowerShell from the start menu AND have Default terminal application set to Windows Terminal within it's settings.
If I just launch Windows Terminal first, it doesn't seem to care what it's set to. Also, to @yitzhaks point you can also just set the default terminal application to Windows console host as a workaround.
I notice that the process chain in Task Manager differs depending on how you launch:
-
When the error does not occur (i.e. launching Windows Terminal first)
-
-
When the error occurs (i.e. launching Windows PowerShell from the start menu)
-
Seems like Windows Terminal isn't tying the Windows PowerShell process to it's parent properly when you launch it that way and chains it as a child of Explorer.exe. Therefore I guess a 3rd (albeit ugly) workaround would be to check if the parent process of Windows PowerShell is Explorer.exe and isn't running with conhost, then if that occurs relaunch under different conditions.
I'm not quite sure how exactly to define the root of this issue but it feels like it should be resolved on the Windows Terminal side rather than this specific module. I'd be happy to open an issue over there with a bit of assistance to more accurately define this. CC: @cinnamon-msft @DHowett
I suppose it's also possible that this isn't unique to this module and needs to be resolved in the actual MSAL.
I'm not noticing anything glaring in the MSAL.PS module itself.
Experiencing the same error over here too. Interestingly, seems to work okay on Windows 10, but using Windows 11, this error shows each time.
Seems like this is failing because of this code in Get-MsalToken.ps1
[IntPtr] $ParentWindow = [System.Diagnostics.Process]::GetCurrentProcess().MainWindowHandle
if ($ParentWindow -eq [System.IntPtr]::Zero -and [System.Environment]::OSVersion.Platform -eq 'Win32NT') {
$Win32Process = Get-CimInstance Win32_Process -Filter ("ProcessId = '{0}'" -f [System.Diagnostics.Process]::GetCurrentProcess().Id) -Verbose:$false
$ParentWindow = (Get-Process -Id $Win32Process.ParentProcessId).MainWindowHandle
}
if ($ParentWindow -ne [System.IntPtr]::Zero) { [void] $AquireTokenParameters.WithParentActivityOrWindow($ParentWindow) }
It is getting the window of the parent process, and with that's explorer.exe.
