microsoft-authentication-library-for-android
App stopped working for GCC High tenants after migrating from ADAL to MSAL
Describe the bug Our app is in production. After migrating from ADAL to MSAL, our Intune-integrated app no longer works for GCC High customers. After entering their email and password, they get the error "AADSTS700016: Application with identifier not found in the directory (domain name)".
With ADAL, our GCC High customers did not get this error.
Smartphone (please complete the following information):
- Device: All Android devices
- Android Version: All Android versions
- Browser: All Android browsers
- MSAL Version: 1.13.0
Stacktrace The issue is not a crash.
To Reproduce
- User opens the app
- User enters their email address
- User enters their password
- Auth request goes to the user's tenant
- User gets the error "AADSTS700016: Application with identifier not found in the directory (domain name)"
Expected behavior The GCC High tenant finds the client_id in the Azure commercial cloud and allows the sign-in to complete.
Actual Behavior The client_id is not found and the sign-in fails.
Follow up with @shoatman.
@Happy202121 What's the authority you are using here?
Hi @negoe, the AzureCloudInstance is Azure Public, and the AadAuthorityAudience is AzureAdAndPersonalMicrosoftAccount. We have also tried using the AzureAdMultipleOrgs authority audience.
The cloud instance has to remain Azure public so our public cloud customers can continue to use it. We've found that no matter the authority we use, the auth request is routed to the correct tenant based on the user's email domain.
The problem is once the request hits a GCC High domain, it checks for the client_id and can't find it. This is because the client_id exists in the Azure public cloud.
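For readers comparing their own setup with the one described above, this is what those settings look like in an MSAL Android configuration file (the JSON passed to `PublicClientApplication.create*` via a raw resource). This is an added illustration, not a file from the issue or from the MSAL project; the `client_id` and `redirect_uri` values are placeholders, and the second entry under `authorities` is the `AzureADMultipleOrgs` variant the reporter also tried. With the `AAD` authority type and no explicit `authority_url`, MSAL defaults to the Azure Public cloud endpoint (`login.microsoftonline.com`), which is the "Azure Public" cloud instance named in the comment.

```json
{
  "client_id": "<your-client-id-registered-in-azure-public>",
  "redirect_uri": "msauth://<your.package.name>/<base64-signature-hash>",
  "authorization_user_agent": "DEFAULT",
  "account_mode": "MULTIPLE",
  "broker_redirect_uri_registered": true,
  "authorities": [
    {
      "type": "AAD",
      "audience": {
        "type": "AzureADandPersonalMicrosoftAccount",
        "tenant_id": "common"
      }
    },
    {
      "type": "AAD",
      "audience": {
        "type": "AzureADMultipleOrgs",
        "tenant_id": "organizations"
      }
    }
  ]
}
```

The first `authorities` entry is the default authority used for requests; the others are the additional authorities MSAL will accept. Neither variant changes which cloud holds the app registration: a request for a user whose home tenant is in another cloud is still validated against the registration in that cloud, which is why the `AADSTS700016` error in this thread is about where the `client_id` lives rather than about the audience value.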
This error means that the wrong configuration is made for the Client ID or tenant ID in your code. First, please confirm that both are the same as your Azure portal application client and tenant.