AcquireTokenSilent always Failed to acquire token silently

Ricardo Polo Jaramillo picture Ricardo Polo Jaramillo · Apr 20, 2015 · Viewed 24.7k times · Source

Using ADAL I have two AuthenticationContext using a Token Cache persisted in SQL.

Using AcquireTokenByAuthorizationCode it writes the Token in database, but when using AcquireTokenSilent I always get

Failed to acquire token silently. Call method AcquireToken

Here are the details for replication the issue:

I create a Context

AuthenticationContext authContext = new AuthenticationContext(_authority, new AzureAdalCache(companyId, _entries, _unitOfWork));

Then I AcquireToken By Authorization

authContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(redirectUri), _clientCredential);

At this point, it saves an entry in the database

Then if I call this I get an exception.

authContext.AcquireTokenSilent(_authority, _clientCredential, new UserIdentifier(companyId.ToString(), UserIdentifierType.UniqueId)).AccessToken;

I also tried with the same result:

authContext.AcquireTokenSilent(_authority, _clientId).AccessToken;
authContext.AcquireTokenSilent(_authority, _clientCredential, UserIdentifier.AnyUser).AccessToken;

I Post my AzureAdalCache implementation in this Gist.

Each entry of the Cache is like this.

What Am I missing?

Update

Based on answer of comments of @vibronet I have this

AuthenticationContext authContext = new AuthenticationContext(_authority, new AzureAdalCache(companyId, _entries, _unitOfWork));
authContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(redirectUri), _clientCredential, _eWSResource);
string result = authContext.AcquireTokenSilent(_eWSResource, _clientId, UserIdentifier.AnyUser).AccessToken;

Answer

Ricardo Polo Jaramillo picture Ricardo Polo Jaramillo · Apr 21, 2015

The issue was that basically I was using Common Authority https://login.windows.net/common/oauth2/authorize in my App. It works for AcquireTokenByAuthorizationCode() but not for AcquireTokenSilent().

So I needed it to save the TenantId when call AcquireTokenByAuthorizationCode() and an authority use an authority like https://login.windows.net/<tenant ID>/oauth2/authorizewhen call AcquireTokenSilent(). This way the same code above works.