I am using Microsoft Azure AD and OAuth2 to get an access token using an authorization code:
1. Build login url and redirect to it:
   https://login.microsoftonline.com/common/oauth2/authorize?client_id=xxx&response_type=code&redirect_uri=yyyy&response_mode=query&scope=zzzz&state=1111
2. Return from login page and get code
3. Get access token (POST):
   https://login.microsoftonline.com/common/oauth2/token?client_id=xxxx&redirect_uri=yyyy&code=zzzz&grant_type=authorization_code&client_secret=1111
Everything works just fine, but between steps 1 and 2 the end-user has to choose which account to use (see login screen pictures at the end).
The user is always already logged in to login.microsoftonline.com at this point and the consent to use the application has been granted by the admin to the whole organization.
Question:
Is there any way to skip this, for example with an optional parameter indicating to automatically use the account with the @company.com suffix? Is it possible with the common tenant or even with a specific tenant?
Goal:
I have a group policy to open some web pages on startup and I want users automatically logged in to this website. Even one click ruins this. I am using PHP if it matters.
- old login screen:
- new login screen:
Comment: `prompt=none` in your request URL in step 1. However, please keep in mind that if the user is not signed in, then the application will generate an error and you would need to handle that. More information here: docs.microsoft.com/en-us/azure/active-directory/develop/…. – Gaurav Mantri

Comment: `prompt=none` doesn't seem to work even if I only have one account in the list and am logged in. `domain_hint` did though! – bloodleh
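As an added example (not code from the question or the comments), the step-1 authorization URL built with the `domain_hint` and `prompt=none` parameters the comments mention, a callback parser that checks `state` and surfaces the error response `prompt=none` can produce, and the form body for the step-3 token POST. Client id, redirect URI, scope, domain and the callback URLs in the comments are placeholder values.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"

def new_state():
    """Unguessable per-login state; keep it in the session and check it on return."""
    return secrets.token_urlsafe(32)

def build_login_url(client_id, redirect_uri, scope, state, domain_hint=None, silent=False):
    """Step 1: the authorization URL. domain_hint names the account domain so the
    picker is skipped for those users; silent=True adds prompt=none (no UI at all:
    if sign-in is still needed the callback carries an error instead of a code)."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
    }
    if domain_hint:
        params["domain_hint"] = domain_hint
    if silent:
        params["prompt"] = "none"
    return AUTHORIZE_URL + "?" + urlencode(params)

def parse_callback(callback_url, expected_state):
    """Step 2: parse the redirect back. Returns ("code", value) or ("error", value);
    a state mismatch is rejected outright so a forged callback cannot be consumed."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: rejecting callback")
    if "error" in qs:
        return ("error", qs["error"][0])
    return ("code", qs["code"][0])

def token_request_form(client_id, client_secret, redirect_uri, code):
    """Step 3: form body for the POST to TOKEN_URL. The secret goes in the POST
    body, not in the query string as in the question's step-3 URL."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code": code,
        "grant_type": "authorization_code",
    }
```

With `silent=True` a user who has no session at login.microsoftonline.com comes back with an `error` parameter rather than a `code`; the usual handling is to retry the same URL without `prompt=none` so the normal sign-in page is shown.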