1
votes

I have Angular 9 client calling Azure Functions. I started off with msal-angular package using "implicit grant flow" for authentication, and that worked fine.

My client app registration in Azure has its Authentication set to "Accounts in this organizational directory only (Default Directory only - Single tenant)". I can't change this setting as the app will only be available to company users.

I'm using my personal Microsoft account with Gmail username (e.g.: [email protected]). This account is a "Guest" in Azure AD, so far, so good.

I'm moving away from msal-angular and implementing PKCE authentication flow.

I'm using angular-auth-oidc-client package. My stsServer and authWellknownEndpoint are set to https://login.microsoftonline.com/[tenant-id]/v2.0 (turned out to be the problem, see update at the bottom)

Here are the login scenarios I'm having issues with:

  1. When I use my [email protected], I get an "unauthorized_client ..." error right after I enter my username.

  2. When I use my UPN (e.g.: [email protected]#EXT#@our_ad_owner.onmicrosoft.com) I get to the password prompt, but my Microsoft password doesn't work. I understand why it doesn't work (that password has nothing to do with AD), but I can't figure out how to set AD password for that account.

When I try to reset my password in AD, it tells me that "[email protected] is a Microsoft account that is managed by the user. Only [email protected] can reset their password for this account."


Any help with setting AD password for my UPN would be appreciated. I would also like to know if it's possible to login with my actual email address, and not UPN.


UPDATE: The problem was with angular-auth-oidc-client setup, authWellknownEndpoint was set to https://login.microsoftonline.com/common/v2.0, after I changed it to https://login.microsoftonline.com/[tenant-id]/v2.0 it worked!

Is your authority configured to be your tenant in the front-end? – juunas

If everything works correctly, you should get redirected to the personal MS account login page from the AAD login page. – juunas

@juunas client configuration is fine, it worked with "implicit grant flow", I'm reusing the same client, just disabled "Access tokens" and "ID tokens" to enable PKCE – roman m

And you changed the platform to SPA in the app registration? – juunas

1 Answer

2
votes

You get the first error because you are using https://login.microsoftonline.com/common/v2.0 as the authority. It treats your account as personal account rather than the guest account in your tenant. But your Azure AD app is configured as Accounts in this organizational directory only (Default Directory only - Single tenant), which is not supported for consumers (personal account). See the reference here.

So you should use https://login.microsoftonline.com/{your tenant id}/v2.0 as the authority. Then it will allow your [email protected] to sign in.