Take home account from request, if not available elsewhere. #5657
+33
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bgavrilMS
approved these changes
Jan 19, 2026
bgavrilMS
reviewed
Jan 19, 2026
| { | ||
| ClientInfo clientInfo = response.ClientInfo != null ? ClientInfo.CreateFromJson(response.ClientInfo) : null; | ||
| string homeAccountId = clientInfo?.ToAccountIdentifier() ?? idToken?.Subject; // ADFS does not have client info, so we use subject | ||
| string homeAccountId = clientInfo?.ToAccountIdentifier() ?? idToken?.Subject ?? requestParams.Account.HomeAccountId.Identifier; // ADFS does not have client info, so we use subject |
Member
There was a problem hiding this comment.
if requestParams.Account is null etc, protect against Null refs
bgavrilMS
approved these changes
Jan 19, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #5618
Changes proposed in this request
When refreshing a token, PingIdentity does not return the home account. This change takes the home account from the request if existing places do not supply it.
Testing
Added a test for the
TokenCachefor the PingIdentity scenario I face.Performance impact
None done, minor impact of and extra
??when there is no ID/client_info returned.Documentation
This is a PR to fix an issue with the experimental feature of using an OIDC that is not Azure, namely PingIdentity. When getting a refresh token, the client_info is not returned, and nor is a new identity token. I believe that according to the spec these are optional so seems a valid scenario. In this case to get the right cache key the home account is taken from the request. If that is not present we will be back to a NRE again, but at least for PingIdentity we seem to be able to refresh tokens.
First PR here, so hopefully this is at least food for thought, if it is not the right approach.
Thanks for looking.