Bogdan Gavril

Instance discovery should not use the port indeed for the instance discovery process, but should use it for /authorize and /token endpoint. Does that make sense? If yes, please transfer...

Ack, then this feature request makes sense. Alternative to this would be to set "validate authority" flag to false. A request to `login.microsoftonline.com` will still happen but `invalid_authority` error will...

Looks like the consent screen is the culprit.

yes, you are right, we should get this fixed. The options should simply be ignored where they do not apply. Until then, you'll have to conditionally add those options, e.g....

I think you should open a bug on MSAL.

A lot of customers push back against preview versions. So I'm thinking that our official sample should not use the -preview. It is fine to put this in a branch...

You are not upgrading this sample to use Maui, so the Intune project can use the last MSAL.

Yes, if you use an embedded browser, then MSAL knows if the end-user closes it. If you use a system browser, this is just process to process communication, i.e. MSAL...

We are using DP-API to encrypt the tokens at rest on Windows. DP-API requires a user session. Are you connected to the box remotely somehow?

@APIWT - are you using the Mac to remotely connect to a Windows box? Is there a Windows machine anywhere involved? The reason I'm asking is that the exception in...