In my Web API application registered on Azure I obtain token for the users in Active Directory this way:
var result = await client.PostAsync(oauthEndpoint, new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("client_id", _azureOptions.ClientId),
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", userName),
new KeyValuePair<string, string>("password", password),
new KeyValuePair<string, string>("client_secret", _azureOptions.ClientSecret),
new KeyValuePair<string, string>("client_info", "1"),
new KeyValuePair<string, string>("scope",
"openid offline_access profile api://xxxxxxx-xxxxxxxxx-xxxxxxxxxxx/access_as_user"),
})).ConfigureAwait(false);
...
And I work well. I added a gmail.com guest account and now I get a error
{"error":"invalid_grant","error_description":"AADSTS50034: The user account Microsoft.AzureAD.Telemetry.Diagnostics.PII does not exist in the gmail.com directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: c0a3f945-d446-430c-8e4e-fd77c95a5500\r\nCorrelation ID: 6cd071f3-b5b0-4ed2-98a2-292f45863e1a\r\nTimestamp: 2019-04-26 12:31:28Z","error_codes":[50034],"timestamp":"2019-04-26 12:31:28Z","trace_id":"c0a3f945-d446-430c-8e4e-fd77c95a5500","correlation_id":"6cd071f3-b5b0-4ed2-98a2-292f45863e1a"}
How can I fix that? If I create basic ASP.NET MVC Core application with azure authentiacation, which redirects to microsoft page, the basic application works avan with guest.
But in my "silent authentication" case guest users don't work