Microsoft Identity Client authentication issue

[DanielBradley1]

Describe the bug

Hi Team,

I am trying to connect to Microsoft Graph using the WAM login flow by enabling LoginByWAM. However, since the Azure.Identity version bump in https://github.com/microsoftgraph/msgraph-sdk-powershell/pull/3098/commits/e04e7e1f80d8c3fb80053907f2caea18d427bf64 I get the following error:

Connect-MgGraph: InteractiveBrowserCredential authentication failed: Could not load type 'Microsoft.Identity.Client.AuthScheme.TokenType' from assembly 'Microsoft.Identity.Client, Version=4.67.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae'.

Installing v2.25 of the PowerShell SDK resolves the issue. The latest version of this flow in AzAccounts works fine, although I think it is using the older version of the dll.

Expected behavior

Successful authentication to Microsoft Graph using WAM.

How to reproduce

1. Install-Module -Name Microsoft.Graph.Authentication -RequiredVersion 2.28
2. Set-MgGraphOption -EnableLoginByWAM $true
3. Ensure device is registered to Entra with account
4. Connect-MgGraph

SDK Version

2.28

Latest version known to work for scenario above?

2.25

Known Workarounds

No response

Debug output

Click to expand log

```

DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId: DEBUG: Executing interactive authentication workflow inline. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] MSAL MSAL.CoreCLR with assembly version '4.67.2.0'. CorrelationId(e9a0c591-2b15-48a9-b35a-1acc1d87ec97) DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] === InteractiveParameters Data === LoginHint provided: False User provided: False UseEmbeddedWebView: NotSpecified ExtraScopesToConsent: Prompt: select_account HasCustomWebUi: False DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] === Request Data === Authority Provided? - True Scopes - User.Read Extra Query Params Keys (space separated) - ApiId - AcquireTokenInteractive IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - True HomeAccountId - False CorrelationId - e9a0c591-2b15-48a9-b35a-1acc1d87ec97 UserAssertion set: False LongRunningOboCacheKey set: False Region configured:

DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] === Token Acquisition (InteractiveRequest) started: Scopes: User.Read Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] [Instance Discovery] Instance discovery is enabled and will be performed DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] Fetching instance discovery from the network from host login.microsoftonline.com. DEBUG: Request [bf6d0d22-4d7c-4c89-bc5a-1c8709d72507] GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=REDACTED x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-ms-client-request-id:bf6d0d22-4d7c-4c89-bc5a-1c8709d72507 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity.Broker/1.2.0 (.NET 9.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity.Broker DEBUG: Response [bf6d0d22-4d7c-4c89-bc5a-1c8709d72507] 200 OK (00.2s) Cache-Control:max-age=86400, private Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED Access-Control-Allow-Origin:REDACTED Access-Control-Allow-Methods:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:38bee6fd-fbad-4f77-8e31-0b36af502500 x-ms-ests-server:REDACTED x-ms-srs:REDACTED Content-Security-Policy-Report-Only:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Sun, 01 Jun 2025 07:00:23 GMT Content-Type:application/json; charset=utf-8 Content-Length:950

DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] Broker is configured. Starting broker flow without knowing the broker installation app link. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [Runtime] WAM supported OS. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] Can invoke broker. Will attempt to acquire token with broker. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [RuntimeBroker] Calling SignInInteractivelyAsync this will show the account picker. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0004] WARNING SetAuthorityUri:78 Initializing authority from URI 'https://login.microsoftonline.com/common/' without authority type, defaulting to MsSts DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0005] INFO SetCorrelationId:258 Set correlation ID: e9a0c591-2b15-48a9-b35a-1acc1d87ec97 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0005] INFO ExecuteInteractiveRequest:1159 The original authority is 'https://login.microsoftonline.com/common' DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0005] WARNING TryNormalizeRealm:2420 No HomeAccountId provided to normalize the realm DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0005] INFO ExecuteInteractiveRequest:1170 The normalized realm is '' DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0005] INFO ModifyAndValidateAuthParameters:243 Authority Realm: common DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0005] WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1052 MsaDeviceOperationProvider is not available. Not attempting to register the device. DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0003] WARNING ReturnResponseDueToMissingParameter:693 Attempted to read cache with a non-normalized realm, access token and ID token reads will fail DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:34Z] [MSAL:0003] WARNING ReadAccountById:227 Account id is empty - account not found DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:36Z] [MSAL:0003] INFO SetCanonicalRealm:1106 Normalize realm to: '4e67cd72-f73a-42aa-a841-b8dd6ec328ca' DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:422 Printing Telemetry for Correlation ID: e9a0c591-2b15-48a9-b35a-1acc1d87ec97 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: start_time, Value: 2025-06-01T07:00:34.000Z DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: api_name, Value: SignInInteractively DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: was_request_throttled, Value: false DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: authority_type, Value: AAD DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: access_token_expiry_time, Value: 2025-06-01T07:40:32.000Z DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: msal_version, Value: 1.1.0+local DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: client_id, Value: 14d82eec-204b-4c2f-b7e8-296a70dab67e DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: correlation_id, Value: e9a0c591-2b15-48a9-b35a-1acc1d87ec97 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: broker_app_used, Value: true DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: stop_time, Value: 2025-06-01T07:00:37.000Z DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: msalruntime_version, Value: 0.16.2 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: original_authority, Value: https://login.microsoftonline.com/common DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: request_eligible_for_broker, Value: true DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: additional_query_parameters_count, Value: 0 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: read_token_last_error, Value: missing required parameter DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: auth_flow, Value: Broker DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: ui_event_count, Value: 1 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: wam_telemetry, Value: {"x_ms_clitelem":"1,0,0,2701160.5892,","ui_visible":false,"tenant_id":"4e67cd72-f73a-42aa-a841-b8dd6ec328ca","scope":"User.Read offline_access openid profile","redirect_uri":"ms-appx-web://Microsoft.AAD.BrokerPlugin/14d82eec-204b-4c2f-b7e8-296a70dab67e","provider_id":"https://login.windows.net","http_status":200,"http_event_count":1,"http_content_type":"application/jose; charset=utf-8","http_content_size":15843,"device_join":"not_joined","correlation_id":"{ab2d18cf-d303-477e-8346-6c2604ff21de}","client_id":"14d82eec-204b-4c2f-b7e8-296a70dab67e","cache_event_count":0,"broker_version":"10.0.22621.4974","authority":"https://login.microsoftonline.com/common","api_error_code":0,"account_join_on_start":"secondary","account_join_on_end":"secondary","account_id":"8c5373a7-b54a-479d-8857-e38e8bcd7ebb","silent_code":0,"silent_bi_sub_code":0,"silent_message":"","silent_mats":{"x_ms_clitelem":"1,0,0,2701160.5892,","ui_visible":false,"tenant_id":"4e67cd72-f73a-42aa-a841-b8dd6ec328ca","scope":"User.Read offline_access openid profile","redirect_uri":"ms-appx-web://Microsoft.AAD.BrokerPlugin/14d82eec-204b-4c2f-b7e8-296a70dab67e","provider_id":"https://login.windows.net","http_status":200,"http_event_count":1,"http_content_type":"application/jose; charset=utf-8","http_content_size":15843,"device_join":"not_joined","correlation_id":"{ab2d18cf-d303-477e-8346-6c2604ff21de}","client_id":"14d82eec-204b-4c2f-b7e8-296a70dab67e","cache_event_count":0,"broker_version":"10.0.22621.4974","authority":"https://login.microsoftonline.com/common","api_error_code":0,"account_join_on_start":"secondary","account_join_on_end":"secondary","account_id":"8c5373a7-b54a-479d-8857-e38e8bcd7ebb"},"silent_status":0,"is_cached":1} DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: tenant_id, Value: 4e67cd72-f73a-42aa-a841-b8dd6ec328ca DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: normalized_realm, Value: 4e67cd72-f73a-42aa-a841-b8dd6ec328ca DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: write_token, Value: AT|ID DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: storage_write, Value: DAT|DID|DAC DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: storage_read, Value: DAC DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: is_successful, Value: true DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: authorization_type, Value: Interactive DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:430 Key: request_duration, Value: 2493 DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:435 Printing Execution Flow: DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z] [MSAL:0003] INFO LogTelemetryData:443 {"t":"646u1","tid":5,"ts":0,"l":2},{"t":"4s7ub","tid":5,"ts":0,"l":2},{"t":"4sufd","tid":5,"ts":0,"s":2,"l":2},{"t":"4swgg","tid":5,"ts":0,"s":2,"l":2},{"t":"4swgf","tid":5,"ts":0,"s":1,"l":2},{"t":"4swgi","tid":3,"ts":0,"s":2,"l":2},{"t":"8dqim","tid":3,"ts":0,"l":2},{"t":"8dqkl","tid":3,"ts":1,"l":2,"a":9,"ie":0},{"t":"54uxe","tid":5,"ts":1,"l":2},{"t":"4wqm9","tid":6,"ts":2464,"l":2},{"t":"4o9ak","tid":6,"ts":2464,"l":2},{"t":"4o9ai","tid":6,"ts":2466,"l":2},{"t":"8dql1","tid":6,"ts":2478,"l":2},{"t":"4qopb","tid":6,"ts":2478,"l":2},{"t":"8dqkn","tid":6,"ts":2478,"l":2,"a":5,"ie":1},{"t":"8dqko","tid":6,"ts":2478,"l":2,"a":9,"ie":1},{"t":"8dqkr","tid":6,"ts":2478,"l":2},{"t":"4sufd","tid":6,"ts":2478,"s":2,"l":2},{"t":"4swgg","tid":6,"ts":2478,"s":3,"l":2},{"t":"4swgf","tid":6,"ts":2478,"s":1,"l":2},{"t":"4swgi","tid":3,"ts":2478,"s":3,"l":2},{"t":"8b2yn","tid":3,"ts":2478,"l":2},{"t":"8dqlh","tid":3,"ts":2478,"l":2},{"t":"8dqli","tid":3,"ts":2478,"l":2},{"t":"8dqln","tid":3,"ts":2478,"l":2},{"t":"8dqih","tid":3,"ts":2478,"l":2},{"t":"4qnnm","tid":3,"ts":2479,"l":2,"a":3,"ie":0},{"t":"4qnnl","tid":3,"ts":2481,"l":2,"a":3,"ie":1},{"t":"4qnng","tid":3,"ts":2481,"l":2,"a":2,"ie":0},{"t":"4qnnf","tid":3,"ts":2482,"l":2,"a":2,"ie":1},{"t":"4qnne","tid":3,"ts":2482,"l":2,"a":3,"ie":0},{"t":"4qnnd","tid":3,"ts":2483,"l":2,"a":3,"ie":1},{"t":"6xuag","tid":3,"ts":2489,"l":2},{"t":"4waym","tid":3,"ts":2489,"l":2},{"t":"4pqvy","tid":3,"ts":2492,"l":2} DEBUG: False MSAL 4.67.2.0 MSAL.CoreCLR .NET 9.0.4 Microsoft Windows 10.0.22631 [2025-06-01 07:00:37Z - e9a0c591-2b15-48a9-b35a-1acc1d87ec97] Exception type: System.TypeLoadException To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.WamAdapters.ParseRuntimeResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger) at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.WamAdapters.HandleResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger, String errorMessage) at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.SignInInteractivelyAsync(AuthenticationRequestParameters authenticationRequestParameters) at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.AcquireTokenInteractiveAsync(AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenInteractiveParameters acquireTokenInteractiveParameters) at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed: Could not load type 'Microsoft.Identity.Client.AuthScheme.TokenType' from assembly 'Microsoft.Identity.Client, Version=4.67.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae'. ---> System.TypeLoadException (0x80131522): Could not load type 'Microsoft.Identity.Client.AuthScheme.TokenType' from assembly 'Microsoft.Identity.Client, Version=4.67.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae'. Connect-MgGraph: InteractiveBrowserCredential authentication failed: Could not load type 'Microsoft.Identity.Client.AuthScheme.TokenType' from assembly 'Microsoft.Identity.Client, Version=4.67.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae'.

</details>


### Configuration

_No response_

### Other information

_No response_

[extractedfile]

(New to GitHub, please forgive me if not following best practices)

Following this one! My company has been working around this as well and hoping it can be looked at soon. @DanielBradley1 not sure if your situation is the same, but this only came up because we're deploying Token Protection Conditional Access at my org.

Our workaround is similar to yours but I have it stepped out if anyone runs into this until fixed:

1. Navigate to Windows Settings -> Accounts -> Email & accounts -> “Add a work or school account” (blue hyperlink). We do this as most of our Graph use is done via separate accounts and not added to Windows by default (for the sign-in token)
2. Open PowerShell as Admin, verify $psversion is greater than 7.5.0 (update if not)
3. Check / Remove / Install Graph to -MaximumVersion 2.25.0 (Get/Uninstall/Install-Module Microsoft.Graph etc.)
4. Configure Module and Enable WAM (Import-Module Microsoft.Graph, Set-MgGraphOption -EnableLoginByWAM $true)
5. Running Connect-MgGraph should not show the Account picker and allow sign in with Token Protection enabled

Unrelated but for Exchange Module, we had to go to pre-release to allow Token Protection (3.8.0-Preview2):

1. Same as steps 1 & 2 above
2. Check / Remove / Install Exchange to Pre-Release (Install-Module ExchangeOnlineManagement -AllowPrerelease)
3. Restart PowerShell fully and Import-Module ExchangeOnlineManagement
4. WAM now shows and passes Token correctly.

SharePoint has no known workaround outside of using PnP which can be a hard sell. Here's to hoping this gets some traction!

[MIchaelMainer]

Are you still encountering this issue on 2.32.0?

We do see issues like this when different modules try to load the same dependencies that are different versions. We haven't defined a solution for this, yet.

[DanielBradley1]

Are you still encountering this issue on 2.32.0?

We do see issues like this when different modules try to load the same dependencies that are different versions. We haven't defined a solution for this, yet.

Hi Michael, yes this is still an issue on the latest version. Is something supposed to have changed regarding this issue in this latest version?

[MIchaelMainer]

Hi Daniel, to the best of my knowledge, nothing was supposed to change yet. I was just going through non-triaged issues to see how relevant they still are. Thank you for responding -- it helps us know that this is still very much relevant.

[derfischi]

I'm encountering the exact same issue. 2.25 works and everything above that breaks.