domain_hint Not Working

[myokeeh]

Which Version of MSAL are you using ?
2.7.0

Which platform has the issue?
UWP Desktop

What authentication flow has the issue?

• Desktop / Mobile
  • Interactive
  • Integrated Windows Auth
  • Username Password
  • Device code flow (browserless)
• Web App
  • Authorization code
  • OBO
• Web API
  • OBO

Repro

MSAL version (DOES NOT show customized login):

await pca.AcquireTokenAsync(scopes, user, UIBehavior.ForceLogin, "domain_hint=mydomain.com");

ADAL version (shows customized login):

await ac.AcquireTokenAsync(resourceId, clientId,
                                    new Uri(redirectUri),
                                    new PlatformParameters(PromptBehavior.Always, false),
                                    UserIdentifier.AnyUser,
                                    "domain_hint=mydomain.com");

Expected behavior
Expecting to have our customized login for mydomain.com and password hint text shown like it currently does for our ADAL version.

Actual behavior
It doesn't show the customized login configured as it does on ADAL.

[jmprieur]

@MarkZuber @henrik-me didn't you say this week that extraQueryParameters were not sent to the STS in MSAL 2.x ?
This will be fixed in MSAL 3.x.

[MarkZuber]

Verified this is not being sent on 2.7.0. This is fixed in our dev3x branch as part of our upcoming 3.x release. We don't have locked down timelines for a 3.x release but it should be within the next two weeks. is this blocking you @myokeeh or can you wait for our 3.x release?

[myokeeh]

Not a big deal. Just wasn't sure if I was doing it correctly.

[MarkZuber]

Thanks for the quick reply @myokeeh . Keep an eye out for announcements of our 3.x release.

[jmprieur]

Fixed in 3.x (with the new builder API)

[jennyf19]

Fixed in MSAL 3.0.0-preview release

[myokeeh]

@jennyf19 testing this out now. Is this syntax correct? It doesn't seem to show me the email textbox hint nor does it show our company branding.

 IPublicClientApplication pca = PublicClientApplicationBuilder.Create(clientId)
                                        .WithRedirectUri(redirectUri)
                                        .WithLogging(Log, Microsoft.Identity.Client.LogLevel.Info, enablePiiLogging: true, enableDefaultPlatformLogging: true)
                                        .WithExtraQueryParameters(new Dictionary<string, string>() { { "domain_hint", "mydomain.com" } })
                                        .Build();

[jmprieur]

@myokeeh : which authority did you use?
Can you please try .WithExtraQueryParameters(new Dictionary<string, string>() { { "domain_hint", "orgnaizations" } })

[myokeeh]

@jmprieur authority is https://login.microsoftonline.com/{tenant_id}

I tried "organizations" per your suggestion, but it doesn't display company branding as expected.

[myokeeh]

@jmprieur actually, this seems to work. I didn't have .WithAuthority(authority)

 IPublicClientApplication pca = PublicClientApplicationBuilder.Create(clientId)
	.WithRedirectUri(redirectUri)
	.WithAuthority(authority)
	.WithLogging(Log, Microsoft.Identity.Client.LogLevel.Info, enablePiiLogging: true, enableDefaultPlatformLogging: true)
	.WithExtraQueryParameters(new Dictionary<string, string>() { { "domain_hint", "domain.com" } })
	.Build();

[myokeeh]

@jmprieur I took out the whole .WithExtraQueryParameters() line and it still seems to work. I don't even need it then?

[jmprieur]

oh, that's new to me @myokeeh ; but the service has probably improved.
I'll check and update the doc.

do I understand that your problem is solved.

[myokeeh]

Got it. Yes, solved. Thanks!