ms-intune-app-sdk-ios
Enrollment failed: SDK could not access the user AAD token
Hey, I'm still facing the same issue. Has anybody got a fix for this?
I'm getting the below error when calling registerAndEnrollAccount after MSAL acquireTokenWithParameters. "The operation failed because the SDK could not access the user's AAD token. The application should prompt the user for credentials to refresh the user's AAD token."
Also, in the IntuneMAMEnrollmentStatus error object it returns the below error. Error Domain=MSALErrorDomain Code=-50002 "(null)" UserInfo={MSALErrorDescriptionKey=No account provided for the silent request. Please call interactive acquireToken request to get an account identifier before calling acquireTokenSilent.}
Originally posted by @sudeepngeorge in https://github.com/msintuneappsdk/ms-intune-app-sdk-ios/issues/193#issuecomment-1231345286
Hi @sudeepngeorge, thank you for reaching out! Can you confirm a few more details of your scenario for me?
What SDK version are you using? Did this stop working after a specific version?
Please also confirm that step 4c of the documentation has been completed (Adding com.microsoft.adalcache to the Keychain Sharing entitlement)
@darosal I have the same issue when calling registerAndEnrollAccount:
The operation failed because the SDK could not access the user's AAD token. The application should prompt the user for credentials to refresh the user's AAD token.
Based on logs from this and other tasks I have checked the following:
- My user is properly authenticated via MSAL prior to this call and a valid access token is used in the app prior to the call
- I'm using MSAL with WKWebView configured, although I tested it when MS authenticator is part of the MSAL auth process
- The issue is reproducible on both a device and a simulator
- Both `com.microsoft.adalcache` and `com.microsoft.intune.mam` are in my entitlements for keychain sharing groups
- If I call `loginAndEnrollAccount` instead of `registerAndEnrollAccount` after being authenticated with MSAL, I'm still asked to enter credentials one more time and unable to complete this flow with error -50000
My environment:
- MSAL: 1.2.9
- Intune: 17.3.2
- iOS: 16.3.1
Originally discussed on [this issue](https://github.com/msintuneappsdk/ms-intune-app-sdk-ios/issues/193#issuecomment-1532166695)
Please confirm if there is an issue/bug with registerAndEnrollAccount and if there are some workarounds to this issue?
@darosal please help. Same here, is there something that we can do for that to work?
I can't even use LoginAndEnrollAccount because I'm getting this error: The operation couldn't be completed. (MSALErrorDomain error -50000.)
So I decided to use MSAL to login and then call RegisterAndEnrollAccount but this one gives me this error:
enrollmentRequest failure 203, error = The operation failed because the SDK could not access the user's AAD token. The application should prompt the user for credentials to refresh the user's AAD token.
Btw I'm using Xamarin
My environment:
- Microsoft.Identity.Client: 4.53.0
- Microsoft.Intune.MAM.Xamarin.iOS: 17.4.0
- iOS: 15.5
I am in the same scenario. Have an app that is already running MSAL. Updated MSAL, added Intune SDK, MSAL authentication still works fine but subsequently running registerAndEnrollAccount results in error 203:
The operation failed because the SDK could not access the user's AAD token. The application should prompt the user for credentials to refresh the user's AAD token.
Environment:
- MSAL: 1.2.14
- Intune SDK: 17.6.3
com.microsoft.adalcache is in the keychain sharing groups
Any tips towards a solution or workaround would be appreciated.
Closing stale issues. Please reopen if you still need help with this.