[Bug] Improve error handling when System.Text.Encodings.Web SIMD path is unsupported during MSI JSON build (PlatformNotSupportedException → actionable MsalClientException) #5521
Description
Library version used
latest
.NET version
net 8
Scenario
ManagedIdentityClient - managed identity
Is this a new or an existing app?
The app is in production, and I have upgraded to a new version of MSAL
Issue description and reproduction steps
Repro (minimal):
- Host a .NET worker on a machine/App Service/WebJob where HW intrinsics aren’t available (32-bit, old CPU, or intrinsics disabled).
- Acquire MSI token via Azure.Identity (which calls MSAL) while passing claims or client capabilities (any code path that builds JSON).
- Observe crash:
System.PlatformNotSupportedException
at System.Text.Encodings.Web.OptimizedInboxTextEncoder.AllowedAsciiCodePoints.get_AsVector()
at System.Text.Encodings.Web.OptimizedInboxTextEncoder.GetIndexOfFirstCharToEncodeSsse3(...)
at System.Text.Json.Utf8JsonWriter.WritePropertyName(...)
at Microsoft.Identity.Client.Utils.JsonHelper.JsonObjectToString(...)
at Microsoft.Identity.Client.Internal.ClaimsHelper.GetMergedClaimsAndClientCapabilities(...)
Relevant code snippets
Expected behavior
MSAL wraps this in an MsalClientException with a clear message and remediation:
“Process may be 32-bit or hardware intrinsics are unavailable. Run x64, update runtime, or set DOTNET_EnableHWIntrinsic=0 to force the non-SIMD path.”
ACTUAL :-
PlatformNotSupportedException bubbles up via Azure.Identity as “ManagedIdentityCredential authentication failed: Operation is not supported on this platform,” which looks like an MSI/KeyVault issue.
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
Guard JSON merge calls:
try { … } catch (PlatformNotSupportedException ex) { throw new MsalClientException("json_encoder_intrinsics_unsupported", BuildHelpfulMessage(), ex); }