microsoft-authentication-library-for-android icon indicating copy to clipboard operation
microsoft-authentication-library-for-android copied to clipboard
verified publisher icon AzureAD

com.microsoft.identity.client.exception.MsalClientException: The signed in account does not match with the provided account.

Open Digipom opened this issue 2 years ago • 7 comments

After migrating from the "deprecated" clientApp.acquireTokenSilentAsync, I started encountering this error. Looking at Stack Overflow and GitHub, it seems the current solution is to use the deprecated methods; however, the issues were closed. Since I'm still encountering the error on 4.6.2, is using the deprecated methods still the recommended solution?

Digipom avatar Sep 19 '23 15:09 Digipom

@Digipom Can you please share the link to issues?

negoe avatar Sep 22 '23 06:09 negoe

These are the ones that seem relevant:

https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/1742 https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/1475 (closed after user mentioned using deprecated method)

These might also be relevant:

https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/1790

Digipom avatar Sep 22 '23 12:09 Digipom

@Digipom

All of the above mentioned issues doesn't have same environment. Could you provide more details about the specific error message you're encountering and share MSAL logs if possible?

negoe avatar Oct 04 '23 04:10 negoe

Basically, if not using the deprecated methods and using the builder methods instead, we get a "com.microsoft.identity.client.exception.MsalClientException: The signed in account does not match with the provided account.". It seems we need to provide an account then but I'm wary about releasing that to production given the other issues that are open. Can the new methods just use the persisted account the way that the deprecated ones do?

Digipom avatar Oct 04 '23 12:10 Digipom

FYI A client of mine is seeing the same after changing password. He can log in on devices with freshly installed app, but not on the one he was using before changing password. Is there a workaround or something to force refreshing the credentials (assuming that's the problem)?

MihaMarkic avatar Oct 17 '23 08:10 MihaMarkic

FYI. As I said it happens when user changes password while user was previously logged into mobile application. When that happens, AcquireTokenParameters.Builder()....Build().acquireToken() would fail with current_account_mismatch even when forcing Prompt.LOGIN. The solution in my case is following: When call to acquireToken() throws MsalClientException with exception?.errorCode == MsalClientException.CURRENT_ACCOUNT_MISMATCH, then I call app.signOut, retrieve application with PublicClientApplication.createSingleAccountPublicClientApplication once more and use it to acquireToken again. This time it correctly shows the prompt for credentials. In case it helps somebody.

MihaMarkic avatar Oct 19 '23 09:10 MihaMarkic

Are there any updates on this one? The methods are still deprecated but the new ones are still not a 1:1 replacement, due to the behavior of getPersistedCurrentAccount().

Digipom avatar Mar 04 '24 17:03 Digipom