Duplicate key in dictionary when accessing UserAgent during AcquireTokenSilentAsync

[rickykaare]

Which Version of MSAL are you using ?
MSAL 3.0.1-preview

Platform
Xamarin Android

What authentication flow has the issue?

• Desktop / Mobile
  • Interactive
  • Integrated Windows Auth
  • Username Password
  • Device code flow (browserless)
• Web App
  • Authorization code
  • OBO
• Web API
  • OBO

Other? - please describe;

Is this a new or existing app?
a. The app is in production, and I have upgraded to a new version of MSAL

Repro

var ClientApplication = PublicClientApplicationBuilder
    .Create(clientId)
    .WithB2CAuthority(signInAuthority)
    .WithRedirectUri($"msal{ClientId}://auth")
    .WithIosKeychainSecurityGroup(securityGroup)
    .WithDebugLoggingCallback(LogLevel.Verbose, true, true)
    .Build();
var account = await GetAccountAsync();
if (account == null)
    return null;

return await ClientApplication.AcquireTokenSilentAsync(
    scopes, 
    account, 
    signInAuthority, 
    true);

Expected behavior
Should return a token, if one is present in the token cache.

Actual behavior
On a Samsung Galaxy S9 we get the following exception thrown:

System.ArgumentException: An item with the same key has already been added. Key: User-Agent
at System.Collections.Generic.Dictionary`2[TKey,TValue].TryInsert (TKey key, TValue value, System.Collections.Generic.InsertionBehavior behavior)
at System.Collections.Generic.Dictionary`2[TKey,TValue].Add (TKey key, TValue value)
at System.Net.Http.Headers.HttpHeaders.GetValues[T] (System.String name)
at System.Net.Http.Headers.HttpRequestHeaders.get_UserAgent ()
at Microsoft.Identity.Client.Http.HttpManager+<ExecuteAsync>d__9.MoveNext ()
at Microsoft.Identity.Client.Http.HttpManager+<ExecuteWithRetryAsync>d__8.MoveNext ()
at Microsoft.Identity.Client.Http.HttpManager+<SendGetAsync>d__5.MoveNext ()
at Microsoft.Identity.Client.OAuth2.OAuth2Client+<ExecuteRequestAsync>d__10`1[T].MoveNext ()
at Microsoft.Identity.Client.OAuth2.OAuth2Client+<DiscoverAadInstanceAsync>d__8.MoveNext ()
at Microsoft.Identity.Client.Instance.AadInstanceDiscovery+<SendInstanceDiscoveryRequestAsync>d__12.MoveNext ()
at Microsoft.Identity.Client.Instance.AadInstanceDiscovery+<DoInstanceDiscoveryAndCacheAsync>d__7.MoveNext ()
at Microsoft.Identity.Client.Instance.AadInstanceDiscovery+<GetMetadataEntryAsync>d__6.MoveNext ()
at Microsoft.Identity.Client.TokenCache+<GetCachedOrDiscoverAuthorityMetaDataAsync>d__59.MoveNext ()
at Microsoft.Identity.Client.TokenCache+<Microsoft-Identity-Client-ITokenCacheInternal-FindRefreshTokenAsync>d__55.MoveNext ()
at Microsoft.Identity.Client.Internal.Requests.SilentRequest+<FindRefreshTokenOrFailAsync>d__6.MoveNext ()
at Microsoft.Identity.Client.Internal.Requests.SilentRequest+<ExecuteAsync>d__3.MoveNext ()
at Microsoft.Identity.Client.Internal.Requests.RequestBase+<RunAsync>d__13.MoveNext ()
at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor+<ExecuteAsync>d__2.MoveNext ()
at Microsoft.Identity.Client.ClientApplicationBase+<AcquireTokenSilentAsync>d__22.MoveNext ()

Possible Solution

Additional context/ Logs / Screenshots
Add any other context about the problem here, such as logs and screebshots. Logging is described at https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/logging

[jennyf19]

@rickykaare Which version of MSAL were you using before you updated?

[rickykaare]

We were using v2.7.1 before the upgrade.

After some testing today, we found out that AcquireTokenSilentAsync was being called from multiple places at the same time. Apparently the method is not thread-safe, as it is calling HttpRequestHeaders.UserAgent on a shared header.

[jmprieur]

@MarkZuber @bgavrilMS

[bgavrilMS]

Good catch @rickykaare, we are calling DefaultRequestHeaders which apparently is not thread safe dotnet/dotnet-api-docs#1085

[bgavrilMS]

Fixed by 00c070a

[jennyf19]

included in msal 3.0.3-preview