I am creating a web app (JavaScript/HTML) that enables me to manage Azure resources on a user's behalf. I want to use MSAL to log in a user and obtain an access token for the Azure Resource Manager. Is this possible? When I try the code below, the popup is restricted to work/school logins (I want it to be accessible to all accounts) and fails when I use a work email, stating that the app is not supported for your organization _____ because it is in an unmanaged state.
Here is what I do:
I create an MSAL object.

    var myMSALObj = new Msal.UserAgentApplication(applicationConfig.clientID, applicationConfig.authority, acquireTokenRedirectCallBack,
        {storeAuthStateInCookie: true, cacheLocation: "localStorage"});

I then call loginPopup and pass in management.azure.com as the scope.

    myMSALObj.loginPopup("https://management.azure.com/.default")
        .then(
            function (idToken){
                myMSALObj.acquireTokenSilent("https://management.azure.com/.default")
            })

Note: I also tried setting the scope to: https://management.azure.com/user_impersonation.
I have registered an Azure app and the manifest specifies requiredResourceAccess to include Azure Service Management and "signInAudience" is set to "AzureADandPersonalMicrosoftAccount".
How do I use MSAL login with a scope that requests access to Azure resources?