Now I have one App in Azure Active Directory 1, and a web API in Azure Active Directory 2. My aim is to allow users in both AAD1 and AAD2 to log in to the App.
So far I've enabled the App and the API as multi-tenant, and added each other in the manifest as known client applications.
The things I've not finished yet: adding one as a custom domain in the other, and adding permissions between the API and the App. I ran into some problems with these two.
Right now my error message is:
An error has occurred while authorizing access via Authorization Server: unauthorized_client AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration.
When I tried to give access in the API, I didn't see the web app (which is in the other directory) in the required permissions list. What should I do about it?
If I move both the App and the API under the same directory, is there any way to allow users from the other directory to log in?