MsalServiceException AADSTS16000: Either multiple user identities are available for the current request or selected account is not supported for the scenario.

[TimgerineTim]

We're receiving an error when calling GetAccessToken(url, Prompt.Never) on a Authentication Manager that was created with Interactive Login. The issue seems to be when a user has multiple logins connected to Windows at once, it fails instead of choosing one.

Stack trace:
Faulting application name: 2024/10/04 11:36:35.858 | Exception thrown on ADCA startup: MSAL.Desktop.4.61.3.0.MsalServiceException: ErrorCode: interaction_required Microsoft.Identity.Client.MsalServiceException: AADSTS16000: Either multiple user identities are available for the current request or selected account is not supported for the scenario. Trace ID: 1cbcd903-8539-423b-a218-1e1674df3800 Correlation ID: a32e1e96-4c9c-4128-84ba-68e4cf308a93 Timestamp: 2024-10-04 01:36:35Z at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.VerifyAuthorizationResult(AuthorizationResult authorizationResult, String originalState) at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceInternalAsync>d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceVerifierAsync>d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Utils.StopwatchService.<MeasureCodeBlockAsync>d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__11.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at PnP.Framework.AuthenticationManager.<GetAccessTokenAsync>d__63.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at PnP.Framework.AuthenticationManager.<GetAccessTokenAsync>d__61.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at PnP.Framework.AuthenticationManager.GetAccessToken(String siteUrl, Prompt prompt) at AdcaAddin.Data.SharePointContextProvider.GetContext(String webFullUrl) at AdcaAddin.Data.SharePointContextProvider.GetConnectionStatus(Boolean refresh) at AdcaAddin.Data.AdcaData.TestConnection() at AdcaAddin.ThisAddIn.OnStartup() StatusCode: 0 ResponseBody: Headers: , version: %2, time stamp: 0x%3 Faulting module name: %4, version: %5, time stamp: 0x%6 Exception code: 0x%7 Fault offset: 0x%8 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15

[andre-brdoch]

Not using this library, but found your post when I encountered the same error using the MSAL javascript SDK. I could fix it with the help of their documentation, they mention the exact same error here: https://docs.azure.cn/en-us/entra/identity-platform/msal-js-sso#without-user-hint

However, there's a likelihood of silent sign-in errors if the application has multiple users in a single browser session or if the user has multiple accounts for that single browser session. The following error may be displayed if multiple accounts are available:
InteractionRequiredAuthError: interaction_required: AADSTS16000: Either multiple user identities are available for the current request or selected account is not supported for the scenario.
The error indicates that the server couldn't determine which account to sign into, and will require either one of the parameters in the previous example (account, login_hint, sid) or an interactive sign-in to choose the account.

Not sure how much control this library gives you over this, but maybe it is of help