We are building a new SaaS product (web app, API services and mobile clients eventually) that needs to authenticate users via Azure AD or a Microsoft Account. We plan to add support for Google/GitHub logins in the future.
Our web app is a single-page app and we are planning to use the OpenID Connect protocol to authenticate against different IdPs.
We looked at using the AAD v2 endpoint that supports AAD + MSA login, but the current limitations are a deal breaker for us (specifically, the need to use only one appId for all apps and services, and the lack of an on-behalf-of flow). So we decided to integrate AAD and MSA in our app separately.
Given all the changes happening with the Azure AD v1 and v2 endpoints and the AAD B2C service, is this the best way to go about this? We want our users to log in with their (AAD-based) work accounts or personal Microsoft accounts.
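Whichever endpoints you settle on, the part of the design that has to be right is how the API validates an id_token when more than one IdP is accepted and each IdP is registered as its own app. The block below is an added example (not code from the question or from Microsoft) showing the issuer-keyed validation: pick the IdP from `iss` first, then check the algorithm, signature, audience, time window and nonce that belong to that issuer. The issuer URLs, app IDs and keys are constructed placeholders; real AAD and MSA tokens are RS256-signed and are verified against the JWKS published in each issuer's `/.well-known/openid-configuration` document, so a stdlib HS256 (HMAC) verifier stands in here only so the example runs offline.

```python
"""Multi-IdP OpenID Connect id_token validation for an API behind an SPA.

Added example, not code from the original post. Issuer URLs, app IDs and
keys are constructed. HS256 stands in for the RS256/JWKS verification a
real AAD or MSA deployment must use (keys fetched from each issuer's
/.well-known/openid-configuration -> jwks_uri).
"""
import base64
import hashlib
import hmac
import json
import time

# Accepted issuers. Because AAD and MSA are registered as separate apps, each
# issuer carries its own expected audience (app ID) and its own key material.
ISSUERS = {
    "https://idp.example/aad-tenant-a/": {"audience": "app-id-aad-0001", "key": b"aad-hs256-demo-key"},
    "https://idp.example/msa/": {"audience": "app-id-msa-0002", "key": b"msa-hs256-demo-key"},
}
CLOCK_SKEW = 60  # seconds of leeway applied to exp / nbf


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(issuer: str, claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Mint a token as one of the constructed IdPs would (test helper only)."""
    header = {"alg": alg, "typ": "JWT"}
    body = {"iss": issuer, **claims}
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, body)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_id_token(token: str, expected_nonce: str, now: float = None) -> dict:
    """Return the verified claims, or raise ValueError saying why the token was rejected."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        claims = json.loads(_b64url_decode(p64))
    except ValueError:  # bad base64, bad JSON, wrong segment count
        raise ValueError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")

    # 1. Select the IdP from 'iss' before trusting anything else; unknown issuers fail closed.
    idp = ISSUERS.get(claims.get("iss"))
    if idp is None:
        raise ValueError("unknown issuer")

    # 2. Only the algorithm configured for this issuer is allowed ('none' and alg-swapping rejected).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    # 3. Signature is checked with the key bound to that issuer, in constant time.
    expected = hmac.new(idp["key"], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")

    # 4. Audience must be the app ID registered with THIS issuer: a token minted for the
    #    MSA registration must not be accepted as a login to the AAD registration, or vice versa.
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if idp["audience"] not in (aud or []):
        raise ValueError("audience mismatch")

    # 5. Validity window and replay defence (nonce from the SPA's authorization request).
    if claims.get("exp", 0) + CLOCK_SKEW < now:
        raise ValueError("token expired")
    if claims.get("nbf", 0) - CLOCK_SKEW > now:
        raise ValueError("token not yet valid")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def rejection_reason(token: str, expected_nonce: str, now: float = None):
    """The rejection message for a token, or None when it validates (handy for logging)."""
    try:
        validate_id_token(token, expected_nonce, now)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    now = 1_700_000_000
    aad = "https://idp.example/aad-tenant-a/"
    good = make_token(aad, {"aud": "app-id-aad-0001", "exp": now + 300, "nonce": "n1", "sub": "u1"},
                      ISSUERS[aad]["key"])
    print("valid token:", rejection_reason(good, "n1", now))
    cross = make_token("https://idp.example/msa/", {"aud": "app-id-aad-0001", "exp": now + 300, "nonce": "n1"},
                       ISSUERS["https://idp.example/msa/"]["key"])
    print("MSA token aimed at AAD app:", rejection_reason(cross, "n1", now))
```

The ordering matters: the issuer is looked up before the signature is checked so that the key, algorithm and audience all come from one trusted registry entry rather than from the token itself, and adding Google or GitHub later is one more entry in `ISSUERS` (with a per-issuer algorithm and JWKS source in a real deployment) rather than a new code path.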