I am setting up OIDC within an ASP.NET Core 3.1 web MVC application. I have set up "OpenIdConnect" for our employees, specifying the authority via
"Authority": "https://login.microsoftonline.com/{0}/v2.0"
where {0} is companyname.onmicrosoft.com (or the tenantId of companyname) -> this works fine.
We have Azure guest accounts within our AD/ADFS, and the above authority is not working for these accounts, i.e. my bob@gmail account is set up as a guest account in Azure AD. I have read that it should work against companyname.onmicrosoft.com; however, the only way I could log in with guest access was to use the authority
"Authority": "https://login.microsoftonline.com/common/v2.0"
Using common within the authority URL, I could log into my application. This also means I had to know the type of account (employee or guest) before the user could log in (i.e. different buttons making the user choose which type of auth to perform)... this is less than ideal.
I would like to use the same Authority for both employees and guest users. Is this possible?
If I use "Authority": "https://login.microsoftonline.com/{0}/v2.0", where {0} is the tenant mycompany.onmicrosoft.com, and try to log in with my bob@gmail AD guest account, it fails and I get this error... (interesting how the redirect_uri is using common even though bob@gmail is an AD guest account)
It is interesting to see the reference to common here even though I was using "Authority": "https://login.microsoftonline.com/{0}/v2.0", where {0} is the tenant mycompany.onmicrosoft.com.
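An added configuration example (not the original poster's code) showing an ASP.NET Core 3.1 OpenID Connect setup that uses the multi-tenant common authority the poster found works for guest accounts, while keeping the app from trusting ID tokens issued for other Azure AD tenants. The AzureAd:TenantId, AzureAd:ClientId and AzureAd:ClientSecret configuration keys, the cookie scheme and the use of the authorization code flow are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed configuration keys. TenantId is the GUID of the company tenant,
        // i.e. the same tenant the {0} placeholder in the question refers to.
        string tenantId = Configuration["AzureAd:TenantId"];
        string clientId = Configuration["AzureAd:ClientId"];
        string clientSecret = Configuration["AzureAd:ClientSecret"];

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            // The multi-tenant endpoint. Its discovery document publishes a templated
            // issuer, "https://login.microsoftonline.com/{tenantid}/v2.0", which the
            // handler's default issuer check cannot match against a real token; many
            // samples therefore set ValidateIssuer = false, which would make this app
            // accept an ID token minted for any Azure AD tenant.
            options.Authority = "https://login.microsoftonline.com/common/v2.0";
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.SaveTokens = false;

            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Keep issuer validation on and pin it to the company tenant instead.
                // Employees and B2B guests signing into that tenant receive tokens
                // whose "iss" names it; a token from any other tenant is rejected.
                ValidateIssuer = true,
                ValidIssuer = $"https://login.microsoftonline.com/{tenantId}/v2.0",
            };
        });

        services.AddControllersWithViews();
    }
}
```

The point of the ValidIssuer pin is that switching from the tenant-specific authority to common must not widen who the application trusts: the sign-in endpoint becomes multi-tenant, but token acceptance stays single-tenant. This assumes guest users are signing into the company tenant (the one that holds their guest object), so that their tokens carry that tenant as issuer; if that is not the case in your setup, the pinned issuer will reject them, which is visible as an issuer validation failure in the OpenIdConnect handler's logs rather than a silent acceptance.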