Tip #1122: Multiple tokens in cache

If you are working with multiple user or app identities (e.g. for testing), and the code uses ADAL, and especially if the application is killed or crashes, you may occasionally get an error:

multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements (e.g. UserId)

Note that it does not have to be your code; it could be another application that uses Xrm.Tooling (which does use ADAL), for example. I encountered this error while working with Package Deployer, where it fails to load the solution; if you click View Log Files (tucked away in the bottom left corner), you’ll find something like this at the bottom of the file:

PackageDeployment Information 8 5/06/2018 1:34:21 AM Status: Importing solutions
PackageDeployment Error 2 5/06/2018 1:34:21 AM Message: Failed to execute DoImportSolutionItem Method
Source : Microsoft.IdentityModel.Clients.ActiveDirectory

followed by the multiple_matching_tokens_detected error described above.

The root cause is somewhat clear: ADAL gets confused after searching the token cache and finding multiple tokens for the same authority/resource/clientid combination but for different users. The solution is to reset the token cache for the application that uses it. The cache is per application and is located in the appdata folder for that application. For Package Deployer, for example, the token cache is the file Default_PackageDeployer.tokens.dat, located in the C:\Users\<username>\AppData\Roaming\Microsoft\PackageDeployer folder. Delete that file and you are as good as new.

While you’re at it, take a look at the Default_PackageDeployer.exe.config file located in the same folder. This is where Package Deployer saves the last connection information; feel free to play with it (at your own risk, that is). The most ubiquitous Plugin Registration tool has its stuff in, you guessed it, the C:\Users\<username>\AppData\Roaming\Microsoft\PluginRegistration folder, in case you need it.
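
The reset described above, written as a PowerShell function. This is an added example, not part of the original tip or of any Microsoft tool: the function name and its parameters are made up here, and it assumes the cache files in both folders follow the *.tokens.dat pattern, which the tip confirms only for Package Deployer.

```powershell
# Added example: reset the per-application ADAL token cache described in this tip.
# Reset-XrmToolTokenCache and its parameters are hypothetical names for this sketch.
function Reset-XrmToolTokenCache {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    param(
        # Folder name under %APPDATA%\Microsoft, as named in the tip.
        [ValidateSet('PackageDeployer', 'PluginRegistration')]
        [string]$Tool = 'PackageDeployer',

        # Root to search; overridable so the function can be tried on a copy.
        [string]$Root = (Join-Path $env:APPDATA 'Microsoft')
    )

    $folder = Join-Path $Root $Tool
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "No folder at $folder; nothing to reset."
        return
    }

    # Assumption: cache files follow the *.tokens.dat pattern of
    # Default_PackageDeployer.tokens.dat. The .exe.config file holding the
    # last connection information is deliberately left alone.
    $caches = @(Get-ChildItem -LiteralPath $folder -Filter '*.tokens.dat' -File)
    if ($caches.Count -eq 0) {
        Write-Warning "No *.tokens.dat file in $folder."
        return
    }

    foreach ($cache in $caches) {
        if ($PSCmdlet.ShouldProcess($cache.FullName, 'Delete ADAL token cache')) {
            try {
                Remove-Item -LiteralPath $cache.FullName -Force -ErrorAction Stop
                [pscustomobject]@{ Tool = $Tool; Path = $cache.FullName; Removed = $true }
            }
            catch {
                # Most often the tool is still running and holds the file open.
                Write-Warning "Could not delete $($cache.FullName): $($_.Exception.Message)"
                [pscustomobject]@{ Tool = $Tool; Path = $cache.FullName; Removed = $false }
            }
        }
    }
}

# Preview what would be deleted; drop -WhatIf to perform the reset.
Reset-XrmToolTokenCache -Tool PackageDeployer -WhatIf
```

Close the tool before running it, and expect to sign in again afterwards since the cached tokens are gone.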

6 thoughts on “Tip #1122: Multiple tokens in cache”

  1. […] Sure enough, I tried a new account and things worked fine. The only issue I ran into as an afterthought was the “multiple tokens in cache” issue which can be resolved here. […]

  2. David Fraticelli says:

    This was perfect and I am very pleased to find this on the internet. This was exactly my issue and deleting the .dat file worked like a charm. Thank you.

  3. Anon says:

    Thanks! Life saving!

  4. Abhishek Shrivastav says:

    Life Saver. Please post it as a solution in some Stack Overflow problem as well. You will be super helpful.

  5. Tyler Sand says:

    I was having the same issue in the Plugin Registration Tool. In the UI, it was showing the following error:

    “Multiple CDS Organizations are available to you. Please choose the CDS.”

    After reviewing the trace log however, I found this error:

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 1/12/2022 11:22:33 AM ERROR REQUESTING Token FROM THE Authentication context – General ADAL Error
    Source : Microsoft.IdentityModel.Clients.ActiveDirectory
    Method : LoadSingleItemFromCache
    Date : 1/12/2022
    Time : 11:22:33 AM
    Error : multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more arguments (e.g. UserId)

    I deleted C:\Users\username\AppData\Roaming\Microsoft\PluginRegistration and that resolved the issue.
