[Bug] Unable to run a dotnet app that has msal web auth, in a devcontainer

[geekstuff-dev]

Library version used

4.66.1

.NET version

6.0

Scenario

PublicClient - desktop app

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

Hello,

So I'm trying to use devcontainers as much as possible to make things easier after, and this has been working great until I started working on an existing c# app that uses msal lib to either use windows native login, or launch a web browser with a redirect uri in linux.

Now in devcontainers, that web browser login flow works great with many tools. azure cli, aws cli, hashicorp vault, and a few more.

But I am unable to get this c# app using this library to work with that web browser + callback flow.

The problem seems to be that msal binds to localhost, which in devcontainers means the port is never forwarded to the host. But if it binded itself to 0.0.0.0 network interface, devcontainer would detect and forward and all that web flow would work, just like it does with azure cli and others.

I could not find any search results on this, any issues, any examples, nothing at all.
Maybe I'm not looking at the right things yet but yeah, any help in figuring how to fix this would be appreciated.

Thanks!

Relevant code snippets

PublicClientApplicationBuilder
    .Create(Settings.Azure.ClientId)
    .WithAuthority($"{Settings.Azure.Instance}/{Settings.Azure.TenantId}")
    .WithDefaultRedirectUri()
    .Build();

Expected behavior

same behavior as azure cli and all the other similar tools: binding to port 0.0.0.0 in linux to receive the web login flow callback.

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

not use msal?

[rayluo]

+1.

FYI: This was the commit that made Azure CLI work in this scenario.

[iulico-1]

@geekstuff-dev , did you have a chance to enable broker flows for the dev containers to see if you are still hitting the localhost binding issue? In general, MSAL is moving away from system browser path favoring broker integration flows. Consider using .WithBroker() option in the builders and report back your findings.

[geekstuff-dev]

I'm still new to dotnet so this is only heresay and might be wrong, but isn't the broker flow for a windows environment where you can natively get the login prompt?

The devcontainer runs inside a docker image, in a docker engine running inside WSL. You can also run devcontainers in a linux host without WSL and Windows.

Is the broker integration flow available for all those environments?