[Bug] Broker on Mac error to authenticate "Source application does not match redirect uri host. Invalid source app." #803

Open
@RecuencoJones

Describe the bug

We are currently using msal[broker] to develop some Blender plugins that integrate with our Azure SSO.

When creating and running app.acquire_token_interactive() standalone, it works completely fine.
However, when running it from within Blender, the broker seems to do some extra verification of the redirectUri and detects some sort of mismatch.

To Reproduce
Steps to reproduce the behavior:

Clone https://github.com/RecuencoJones/blender-msal-plugin

First, we will verify that login works fine standalone

  1. Update .env with corresponding AZURE_AD_TENANT_ID and AZURE_AD_CLIENT_ID, sample values are provided
  2. Run just setup to fetch dependencies
  3. Run uv run src/login.py
  4. Verify success with token output

Now, the same from within Blender plugin

  1. Update src/plugin.py with corresponding AZURE_AD_TENANT_ID and AZURE_AD_CLIENT_ID, sample values are provided or export as env variables for blender to pick them up.
  2. Run just setup to fetch dependencies
  3. Run just install-plugin to build and install the plugin to Blender
  4. Open Blender from terminal (/usr/local/bin/blender or /Applications/Blender.app/Contents/MacOS/Blender)
  5. Open Sidebar (shortcut n)
  6. Open msal panel
  7. Click Login
  8. Verify success with token output in terminal

What you see instead

Sample debug output and error response from app.acquire_token_interactive():

$> /Applications/Blender.app/Contents/MacOS/Blender
DEBUG:urllib3.util.retry:Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG:msal.authority:Initializing with Entra authority: https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): login.microsoftonline.com:443
DEBUG:urllib3.connectionpool:https://login.microsoftonline.com:443 "GET /e55df843-27da-4824-bf76-9bbf0a598f59/v2.0/.well-known/openid-configuration HTTP/1.1" 200 1753
DEBUG:msal.authority:openid_config("https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG:msal.application:Broker enabled? True
DEBUG:msal.application:Calling broker._signin_silently()
DEBUG:msal.broker:[MSAL:0001]	WARNING	SetAuthorityUri:78	Initializing authority from URI 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59' without authority type, defaulting to MsSts
DEBUG:msal.broker:[MSAL:0001]	ERROR  	ErrorInternalImpl:134	Created an error: 4qj1e, StatusInternal::InteractionRequired, InternalEvent::None, Error Code 0, Context 'Signin silently flows other than ROPC are not supported on macOS.'
DEBUG:msal.application:Falls back to broker._signin_interactively()
DEBUG:msal.broker:[MSAL:0001]	WARNING	SetAuthorityUri:78	Initializing authority from URI 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59' without authority type, defaulting to MsSts
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIBrokerClient isAuthorizationTypeSupported:]:665	Continue without redirectUri validation on unsigned app runtime flow
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIBrokerClient shouldReCheckSsoExtState]:1233	Recheck decision: 0
DEBUG:msal.broker:[MSAL:0001]	INFO   	SetCorrelationId:259	Set correlation ID: 5de759a9-b56a-4abc-a1bc-677a694a7f1d
DEBUG:msal.broker:[MSAL:0001]	INFO   	ExecuteInteractiveRequest:1160	The original authority is 'https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59'
DEBUG:msal.broker:[MSAL:0001]	INFO   	ExecuteInteractiveRequest:1171	The normalized realm is ''
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIBrokerClient isAuthorizationTypeSupported:]:665	Continue without redirectUri validation on unsigned app runtime flow
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIBrokerClient shouldReCheckSsoExtState]:1233	Recheck decision: 0
DEBUG:msal.broker:[MSAL:0001]	INFO   	ModifyAndValidateAuthParameters:216	Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG:msal.broker:[MSAL:0001]	INFO   	ModifyAndValidateAuthParameters:216	Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG:msal.broker:[MSAL:0001]	INFO   	ModifyAndValidateAuthParameters:216	Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG:msal.broker:[MSAL:0001]	INFO   	ModifyAndValidateAuthParameters:240	Authority Realm: e55df843-27da-4824-bf76-9bbf0a598f59
DEBUG:msal.broker:[MSAL:0001]	WARNING	TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1053	MsaDeviceOperationProvider is not available. Not attempting to register the device.
DEBUG:msal.broker:[MSAL:0002]	WARNING	ReadAccountById:272	Account id is empty - account not found
DEBUG:msal.broker:[MSAL:0002]	INFO   	-[MSAIBrokerClient isAuthorizationTypeSupported:]:665	Continue without redirectUri validation on unsigned app runtime flow
DEBUG:msal.broker:[MSAL:0002]	INFO   	-[MSAIBrokerClient shouldReCheckSsoExtState]:1233	Recheck decision: 0
DEBUG:msal.broker:[MSAL:0002]	INFO   	-[MSAIBrokerClient isAuthorizationTypeSupported:]:665	Continue without redirectUri validation on unsigned app runtime flow
DEBUG:msal.broker:[MSAL:0002]	INFO   	-[MSAIBrokerClient shouldReCheckSsoExtState]:1233	Recheck decision: 0
DEBUG:msal.broker:[MSAL:0002]	INFO   	-[MSAIBrokerClient isAuthorizationTypeSupported:]:665	Continue without redirectUri validation on unsigned app runtime flow
DEBUG:msal.broker:[MSAL:0002]	INFO   	-[MSAIBrokerClient shouldReCheckSsoExtState]:1233	Recheck decision: 0
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDKeychainTokenCache initWithGroup:error:]:169	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:22] Init MSAIMSIDKeychainTokenCache with keychainGroup: Masked(not-null)
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDSSOExtensionInteractiveTokenRequestController acquireToken:]:55	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:22 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Beginning interactive broker extension flow.
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDSSOExtensionInteractiveTokenRequest executeRequestWithCompletion:]:122	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:22 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Beginning interactive broker flow.
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDAuthority resolveAndValidate:userPrincipalName:context:completionBlock:]:109	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:22 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Resolving authority: Masked(not-null), upn: e3b0c442
DEBUG:msal.broker:[MSAL:0003]	WARNING	-[MSAIMSIDAadAuthorityCache networkUrlForAuthority:context:]:247	TID=8747730 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:22 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] No cached preferred_network for authority
DEBUG:msal.broker:[MSAL:0003]	INFO   	-[MSAIMSIDAadAuthorityResolver resolveAuthority:userPrincipalName:validate:context:completionBlock:]_block_invoke:102	TID=8747730 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:22 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Waiting on Authority Validation Queue
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAadAuthorityCache processImpl:authority:openIdConfigEndpoint:context:error:]:123	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Caching AAD Environements
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAadAuthorityCache processImpl:authority:openIdConfigEndpoint:context:error:]:165	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] networkHost: login.microsoftonline.com, cacheHost: login.windows.net, aliases: login.microsoftonline.com, login.windows.net, login.microsoft.com, sts.windows.net
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAadAuthorityCache processImpl:authority:openIdConfigEndpoint:context:error:]:165	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] networkHost: login.partner.microsoftonline.cn, cacheHost: login.partner.microsoftonline.cn, aliases: login.partner.microsoftonline.cn, login.chinacloudapi.cn
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAadAuthorityCache processImpl:authority:openIdConfigEndpoint:context:error:]:165	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] networkHost: login.microsoftonline.de, cacheHost: login.microsoftonline.de, aliases: login.microsoftonline.de
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAadAuthorityCache processImpl:authority:openIdConfigEndpoint:context:error:]:165	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] networkHost: login.microsoftonline.us, cacheHost: login.microsoftonline.us, aliases: login.microsoftonline.us, login.usgovcloudapi.net
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAadAuthorityCache processImpl:authority:openIdConfigEndpoint:context:error:]:165	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] networkHost: login-us.microsoftonline.com, cacheHost: login-us.microsoftonline.com, aliases: login-us.microsoftonline.com
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDAuthority resolveAndValidate:userPrincipalName:context:completionBlock:]_block_invoke:125	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Resolved authority, validated: YES, error: 0
DEBUG:msal.broker:[MSAL:0004]	ERROR  	-[MSAIMSIDBrokerKeyProvider createBrokerKeyWithError:]:229	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23] Could not write broker key -34018
DEBUG:msal.broker:[MSAL:0004]	ERROR  	MSAIMSIDFillAndLogError:239	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23] Encountered error with code -51808, description Masked(not-null)
DEBUG:msal.broker:[MSAL:0004]	ERROR  	-[MSAIMSIDBrokerKeyProvider base64BrokerKeyWithContext:error:]:151	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Failed to retrieve broker key with error MaskedError(MSAIMSIDErrorDomain, -51808)
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[MSAIMSIDBrokerOperationRequest jsonDictionary]:103	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] Broker key is invalid, continue generating broker request for MSAIMSIDBrokerOperationInteractiveTokenRequest class
DEBUG:msal.broker:[MSAL:0004]	INFO   	-[ASAuthorizationController(MSAIMSIDExtensions) msaimsidPerformRequests]:33	TID=8747762 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23] ASAuthorizationController: performRequests with operation(s): login
DEBUG:msal.broker:[MSAL:0003]	INFO   	-[MSAIMSIDAadAuthorityResolver resolveAuthority:userPrincipalName:validate:context:completionBlock:]_block_invoke:104	TID=8747730 MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:23 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Returned from Authority Validation Queue
DEBUG:msal.broker:[MSAL:0001]	ERROR  	-[MSAIMSIDSSOExtensionRequestDelegate authorizationController:didCompleteWithError:]:53	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:27 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Received error from SSO extension: MaskedError(com.apple.AuthenticationServices.AuthorizationError, -6000)
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDSSOExtensionInteractiveTokenRequestController acquireToken:]_block_invoke:61	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:27 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Interactive broker extension flow finished. Result (null), error: -50000 error domain: MSALErrorDomain
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDSSOExtensionInteractiveTokenRequestController shouldFallback:]:94	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:27 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] Looking if we should fallback to fallback controller, error: -50000 error domain: MSALErrorDomain.
DEBUG:msal.broker:[MSAL:0001]	INFO   	-[MSAIMSIDSSOExtensionInteractiveTokenRequestController shouldFallback:]:98	TID=8747704 (main thread) MSAL.xplat.macOS 1.1.0+local Mac 14.7.4 [2025-03-27 10:58:27 - 5DE759A9-B56A-4ABC-A1BC-677A694A7F1D] [MSAL.xplat.macOS] fallback controller is nil, SSO extension controller should fallback: NO
DEBUG:msal.broker:[MSAL:0001]	ERROR  	ErrorInternalImpl:134	Created an error: 4ut1e, StatusInternal::Unexpected, InternalEvent::None, Error Code -42000, Context 'Description: (pii), Domain: MSALErrorDomain.Error was thrown in location: Broker'
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:423	Printing Telemetry for Correlation ID: 5de759a9-b56a-4abc-a1bc-677a694a7f1d
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: authority_type, Value: Unknown
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: stop_time, Value: 2025-03-27T10:58:27.000Z
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: msalruntime_version, Value: 0.17.1
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: all_error_tags, Value: 4ut1e
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: api_status_code, Value: StatusInternal::Unexpected
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: api_error_tag, Value: 4ut1e
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: api_error_code, Value: -42000
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: api_name, Value: SignInInteractively
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: authorization_type, Value: Interactive
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: ui_event_count, Value: 1
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: read_token_last_error, Value: missing required parameter
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: is_successful, Value: false
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: additional_query_parameters_count, Value: 3
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: original_authority, Value: https://login.microsoftonline.com/e55df843-27da-4824-bf76-9bbf0a598f59
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: broker_app_used, Value: true
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: msal_version, Value: 1.1.0+local
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: api_error_context, Value: Description: (pii), Domain: MSALErrorDomain.Error was thrown in location: Broker
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: was_request_throttled, Value: false
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: request_duration, Value: 5109
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: request_eligible_for_broker, Value: true
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: auth_flow, Value: Broker
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: start_time, Value: 2025-03-27T10:58:22.000Z
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: client_id, Value: deb27bec-956b-447e-8084-c37534a345fa
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:431	Key: correlation_id, Value: 5de759a9-b56a-4abc-a1bc-677a694a7f1d
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:436	Printing Execution Flow:
DEBUG:msal.broker:[MSAL:0001]	INFO   	LogTelemetryData:444	{"t":"646u1","tid":1,"ts":0,"l":2},{"t":"4s7ub","tid":1,"ts":1,"l":2},{"t":"4sufd","tid":1,"ts":1,"s":2,"l":2},{"t":"4swgg","tid":1,"ts":1,"s":1,"l":2},{"t":"4swgf","tid":1,"ts":1,"s":1,"l":2},{"t":"4swgi","tid":2,"ts":1,"s":1,"l":2},{"t":"8bkxy","tid":2,"ts":2,"l":2},{"t":"8bkxy","tid":2,"ts":2,"l":2},{"t":"8dqkl","tid":2,"ts":3,"l":2,"a":9,"ie":0},{"t":"481mc","tid":1,"ts":12,"l":2},{"t":"8dqkn","tid":1,"ts":5110,"l":2,"a":5,"ie":1},{"t":"8dqko","tid":1,"ts":5110,"l":2,"a":9,"ie":1},{"t":"646u1","tid":1,"ts":5110,"l":2}

{'error': 'broker_error', 'error_description': 'Description: (pii), Domain: MSALErrorDomain.Error was thrown in location: Broker. Status: Response_Status.Status_Unexpected, Error code: -42000, Tag: 508638916', 'msal_telemetry': '{"msalruntime_telemetry":{"DATA LIMITED":"Full MSALRuntime telemetry not yet implemented","api_error_context":"Error context redacted, value may be written to log.","api_name":"SignInInteractively","api_status_code":"StatusInternal::Unexpected","broker_app_used":"true","client_id":"deb27bec-956b-447e-8084-c37534a345fa","correlation_id":"5de759a9-b56a-4abc-a1bc-677a694a7f1d","is_successful":"false","msal_version":"1.1.0+local","msalruntime_version":"0.17.1"},"msal_python_telemetry":null}'}

Relevant logs from tail -F ~/Library/Containers/com.microsoft.CompanyPortalMac.ssoextension/Data/Library/Caches/Logs/Microsoft/SSOExtension/*:

2025-03-27 12:05:14:077 | I | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Keychain find status: -25300
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Creating Error with description: redirect uri has incorrect scheme - it must be in the form of msauth.<app_bundle_id>://auth
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Creating Error with description: Source application does not match redirect uri host. Invalid source app.
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Creating Error with description: MSAL redirectUri validation error: redirect uri has incorrect scheme - it must be in the form of msauth.<app_bundle_id>://auth
ADAL redirectUri validation error: Source application does not match redirect uri host. Invalid source app.
2025-03-27 12:05:14:077 | I | ADB v3.4.3/WPJ v3.5.35 | Request complete
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Failed to handle SSO request, error Error Domain=MSALErrorDomain Code=-42000 "(null)" UserInfo={MSALErrorDescriptionKey=MSAL redirectUri validation error: redirect uri has incorrect scheme - it must be in the form of msauth.<app_bundle_id>://auth
ADAL redirectUri validation error: Source application does not match redirect uri host. Invalid source app.}

The MSAL Python version you are using

1.32.0

Additional context

Running on macOS Sonoma 14.7 and Microsoft Intune Company Portal 5.2502.1

The app registration already has Platform iOS / macOS with Bundle ID com.msauth.unsignedapp and redirect URI: msauth.com.msauth.unsignedapp://auth
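
A triage helper for the SSO extension log quoted in the report, added here as an example; it is not part of the original issue or of MSAL. It collects the "Creating Error" descriptions (joining continuation lines that lack a timestamp) and compares a redirect URI with the msauth.<app_bundle_id>://auth form named in the log. The function names, the bundle ID org.example.hostapp and the reading that the bundle ID in the URI is compared with the calling application's are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the SSO extension log excerpt in the report. The fifth line
# has no timestamp prefix: it continues the record before it.
SAMPLE_LOG = """\
2025-03-27 12:05:14:077 | I | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Keychain find status: -25300
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Creating Error with description: redirect uri has incorrect scheme - it must be in the form of msauth.<app_bundle_id>://auth
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Creating Error with description: Source application does not match redirect uri host. Invalid source app.
2025-03-27 12:05:14:077 | E | ADB v3.4.3/WPJ v3.5.35 | TID=8755911 MSAL 1.6.3 Mac 14.7.4 [2025-03-27 11:05:14] Creating Error with description: MSAL redirectUri validation error: redirect uri has incorrect scheme - it must be in the form of msauth.<app_bundle_id>://auth
ADAL redirectUri validation error: Source application does not match redirect uri host. Invalid source app.
2025-03-27 12:05:14:077 | I | ADB v3.4.3/WPJ v3.5.35 | Request complete
"""

# Record layout: "<date> <time:ms> | <level> | <component> | <message>"
RECORD = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3} \| (?P<level>[A-Z]) \| [^|]+ \| (?P<msg>.*)$"
)
DESCRIPTION = re.compile(r"Creating Error with description: (.*)", re.DOTALL)


def extract_error_descriptions(log_text):
    """Return the description of every E-level 'Creating Error' record, in order."""
    records = []  # [level, message] pairs
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append([m["level"], m["msg"]])
        elif records and line.strip():
            # No timestamp prefix: continuation of the previous record.
            records[-1][1] += "\n" + line
    found = []
    for level, msg in records:
        d = DESCRIPTION.search(msg)
        if level == "E" and d:
            found.append(d.group(1))
    return found


def check_msal_redirect_uri(redirect_uri, caller_bundle_id):
    """List the ways redirect_uri deviates from msauth.<caller_bundle_id>://auth.

    Assumption: <app_bundle_id> is the bundle ID of the calling application.
    """
    parts = urlsplit(redirect_uri)  # urlsplit lower-cases the scheme
    prefix = "msauth."
    problems = []
    if not parts.scheme.startswith(prefix):
        problems.append(f"scheme {parts.scheme!r} is not msauth.<app_bundle_id>")
    elif parts.scheme[len(prefix):] != caller_bundle_id.lower():
        problems.append(
            f"URI names bundle {parts.scheme[len(prefix):]!r}, caller is {caller_bundle_id!r}"
        )
    if parts.netloc.lower() != "auth" or parts.path or parts.query or parts.fragment:
        problems.append("URI does not end in ://auth")
    return problems


if __name__ == "__main__":
    for description in extract_error_descriptions(SAMPLE_LOG):
        print("log error:", description.replace("\n", " / "))
    # org.example.hostapp is a constructed placeholder bundle ID.
    for caller in ("com.msauth.unsignedapp", "org.example.hostapp"):
        uri = "msauth.com.msauth.unsignedapp://auth"
        print(caller, "->", check_msal_redirect_uri(uri, caller) or "matches")
```
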
