From 70e7eae7709159b57b503df2541e0cb2e7b66c92 Mon Sep 17 00:00:00 2001
From: Tyler James Leonhardt <2644648+TylerLeonhardt@users.noreply.github.com>
Date: Fri, 29 Aug 2025 11:47:16 -0700
Subject: [PATCH] MSAL Redirect Funkiness (#264057)

Why do they do this to me...
---
 .../microsoft-authentication/src/node/authProvider.ts      | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/extensions/microsoft-authentication/src/node/authProvider.ts b/extensions/microsoft-authentication/src/node/authProvider.ts
index 34d13add183..bccfcc2e9e4 100644
--- a/extensions/microsoft-authentication/src/node/authProvider.ts
+++ b/extensions/microsoft-authentication/src/node/authProvider.ts
@@ -484,11 +484,18 @@ export class MsalAuthProvider implements AuthenticationProvider {
 						forceRefresh = true;
 						claims = scopeData.claims;
 					}
+					let redirectUri: string | undefined;
+					// If we have the broker available and are on macOS, we HAVE to include the redirect URI or MSAL will throw an error.
+					// HOWEVER, if we are _not_ using the broker, we MUST NOT include the redirect URI or MSAL will throw an error.
+					if (cachedPca.isBrokerAvailable && process.platform === 'darwin') {
+						redirectUri = Config.macOSBrokerRedirectUri;
+					}
 					const result = await cachedPca.acquireTokenSilent({
 						account,
 						authority,
 						scopes: scopeData.scopesToSend,
 						claims,
+						redirectUri,
 						forceRefresh
 					});
 					sessions.push(this.sessionFromAuthenticationResult(result, scopeData.originalScopes));