I am trying to develop a single-tenant application and I am receiving the following error message when signing in:
"Application '(app ID)' is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant."
I verified in the Azure AD portal, under the 'App Registrations' => 'Authentication' => 'Supported Account Types' section, that the 'Accounts in this organizational directory only (###### only - Single tenant)' option had been selected.
I then made certain that, inside my code, the 'https://login.microsoftonline.com/{tenantID}' endpoint is in use. Stated differently, there is no mention of the '/common' endpoint anywhere in the code.
' Startup.Auth.vb (file and class name assumed; Imports supplied so the snippet compiles)
Imports System.Configuration
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Owin

Partial Public Class Startup
    Private Shared appId As String = ConfigurationManager.AppSettings("ida:ClientId")
    Private Shared appSecret As String = ConfigurationManager.AppSettings("ida:ClientSecret")
    Private Shared redirectUri As String = ConfigurationManager.AppSettings("ida:PostLogoutRedirectUri")
    Private Shared graphScopes As String = ConfigurationManager.AppSettings("ida:AppScopes")
    Private Shared sAzureAdInstance As String = "https://login.microsoftonline.com/"
    Private Shared sTenant As String = ConfigurationManager.AppSettings("ida:TenantId")
    ' Tenant-specific authority: https://login.microsoftonline.com/{tenantID}
    Private Shared sAuthority As String = sAzureAdInstance & sTenant

    Public Sub ConfigureAuth(ByVal app As IAppBuilder)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
        app.UseCookieAuthentication(New CookieAuthenticationOptions())
        app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
            .ClientId = appId,
            .Scope = $"openid email profile offline_access {graphScopes}",
            ' (emphasis in the original question on the following line)
            .Authority = sAuthority,
            .RedirectUri = redirectUri,
            .PostLogoutRedirectUri = redirectUri,
            .TokenValidationParameters = New TokenValidationParameters With {
                .ValidateIssuer = False
            },
            .Notifications = New OpenIdConnectAuthenticationNotifications With {
                .AuthenticationFailed = AddressOf OnAuthenticationFailedAsync,
                .AuthorizationCodeReceived = AddressOf OnAuthorizationCodeReceivedAsync
            }
        })
    End Sub
End Class
I am expecting my app to run in single-tenant mode. I am unable to find meaningful documentation relating to this issue.
EDIT:
I have isolated the erroneous method in my code and the following snippet shows its context:
' Handler wired up via .AuthorizationCodeReceived (signature assumed from that registration)
Private Async Function OnAuthorizationCodeReceivedAsync(notification As AuthorizationCodeReceivedNotification) As Task
    Dim signedInUser = New ClaimsPrincipal(notification.AuthenticationTicket.Identity)
    ' No .WithAuthority() call here: the builder uses its default authority rather than sAuthority
    Dim idClient As IConfidentialClientApplication = ConfidentialClientApplicationBuilder.Create(appId) _
        .WithRedirectUri(redirectUri) _
        .WithClientSecret(appSecret) _
        .Build()
    Dim scopes As String() = graphScopes.Split(" "c)
    'NOTE: The scopes string array contains the following two values: User.Read and Calendars.Read.
    Dim authResult = Await idClient.AcquireTokenByAuthorizationCode(scopes, notification.Code).ExecuteAsync()
    'EXECUTION HALTS HERE
End Function
I cannot discern the correlation between the AcquireTokenByAuthorizationCode() method and the error message. It is not readily apparent to me what might be wrong.
Any assistance is greatly appreciated.
https://login.microsoftonline.com/tenant-id/v2.0 as the authority? – juunas
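As an added example (not the asker's code and not part of this thread), here is how the MSAL confidential client can be built against the same tenant-specific authority the OWIN middleware uses, plus a startup check that a client's effective authority is not one of the multi-tenant endpoints. The client id, tenant id, secret and redirect URI are constructed placeholders; the module and function names are mine.

```vb
' Added example: keeps MSAL on the tenant-specific authority instead of its default.
Imports System
Imports Microsoft.Identity.Client

Public Module TenantScopedClient

    ' Constructed placeholder values; a real app reads these from the ida:* appSettings.
    Private Const PlaceholderClientId As String = "00000000-0000-0000-0000-000000000000"
    Private Const PlaceholderTenantId As String = "11111111-1111-1111-1111-111111111111"
    Private Const PlaceholderSecret As String = "client-secret-placeholder"
    Private Const AzureAdInstance As String = "https://login.microsoftonline.com/"

    ' Builds a confidential client whose token requests go to the tenant endpoint.
    ' Without .WithAuthority() the builder falls back to its own default authority.
    Public Function BuildTenantScopedClient(clientId As String, tenantId As String,
                                            clientSecret As String,
                                            redirectUri As String) As IConfidentialClientApplication
        Dim authority As String = AzureAdInstance & tenantId
        Return ConfidentialClientApplicationBuilder.Create(clientId) _
            .WithAuthority(authority) _
            .WithRedirectUri(redirectUri) _
            .WithClientSecret(clientSecret) _
            .Build()
    End Function

    ' Startup guard: True only when the first path segment of the effective authority is a
    ' tenant id or domain, so a /common, /organizations or /consumers configuration is
    ' caught before the first sign-in rather than at AcquireTokenByAuthorizationCode.
    Public Function UsesTenantSpecificAuthority(client As IConfidentialClientApplication) As Boolean
        Dim authority As New Uri(client.Authority)
        Dim firstSegment As String = authority.AbsolutePath.Trim("/"c).Split("/"c)(0)
        Return Not String.IsNullOrEmpty(firstSegment) AndAlso
               firstSegment <> "common" AndAlso
               firstSegment <> "organizations" AndAlso
               firstSegment <> "consumers"
    End Function

    Sub Main()
        Dim client = BuildTenantScopedClient(PlaceholderClientId, PlaceholderTenantId,
                                             PlaceholderSecret, "https://localhost:44300/")
        Console.WriteLine("Authority in use: " & client.Authority)
        Console.WriteLine("Tenant-specific:  " & UsesTenantSpecificAuthority(client).ToString())
    End Sub

End Module
```

With a tenant-specific authority on both the middleware and the MSAL side, the `ValidateIssuer = False` setting in TokenValidationParameters is no longer needed; leaving issuer validation on gives the app its own check that tokens really come from that one tenant.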