My web app uses the Microsoft Graph API to sign in users and access their calendars. I'm currently experiencing an issue upon trying to sign up with a Live/Hotmail account. After that Live/Hotmail account is selected, Microsoft sends the user to a page with this message:
User account '[email protected]' from identity provider 'live.com' does not exist in tenant 'MY_TENANT_NAME' and cannot access the application 'MY_APP_ID'(MY_APP_NAME) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
My web app is registered with Microsoft Azure as "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)". As this is a personal account I'm trying to sign up with, I expected it to just let me sign up. I've entered a Redirect URI & a Logout URL, I've left "Access tokens" & "ID tokens" unchecked, "Live SDK support" is "Yes", and "Default client type" is "No".
I'm using the Python MSAL to send the user to MS:
def _build_msal_app(cache=None):
return msal.ConfidentialClientApplication(
MY_CLIENT_ID, authority=MY_AUTHORITY,
client_credential=MY_CLIENT_SECRET, token_cache=cache)
# Send user to MS Login
session["state"] = str(uuid.uuid4())
auth_url = _build_msal_app().get_authorization_request_url(
MY_SCOPES,
state=session["state"],
redirect_uri=MY_REDIRECT_URI)
return flask.redirect(auth_url)
I suspected my application registration was somehow corrupt, so I registered a 2nd application and updated the ID's in my code, but that didn't fix it. Any help is much appreciated!
https://login.microsoftonline.com/commonendpoint. – Gaurav Mantri