0
votes

Hello guys, I have exactly the same problem as in this question: Login with personal Microsoft accounts failes to Oauth2 v2

But I don't understand the answer. Where should I configure this link in the manifest? https://login.microsoftonline.com/common/oauth2/v2.0/authorize

My manifest is:

{
"id": "0982f18d-116c-45c0-b1ee-59dd9fa3344b",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [],
"allowPublicClient": null,
"appId": "002543f2-87b6-43e4-91a3-cfdef655dc7a",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2021-02-04T10:09:11Z",
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [],
"informationalUrls": {
    "termsOfService": null,
    "support": null,
    "privacy": null,
    "marketing": null
},
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"name": "AppBotTipBook",
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [],
"parentalControlSettings": {
    "countriesBlockedForMinors": [],
    "legalAgeGroupRule": "Allow"
},
"passwordCredentials": [
    {
        "customKeyIdentifier": null,
        "endDate": "2299-12-30T23:00:00Z",
        "keyId": "86c3141b-02ac-4d47-9ecf-0cabb8ba2fc4",
        "startDate": "2021-02-04T10:10:43.464Z",
        "value": null,
        "createdOn": "2021-02-04T10:10:44.3986206Z",
        "hint": "_3D",
        "displayName": "botlogin"
    }
],
"preAuthorizedApplications": [],
"publisherDomain": "unisalerno.onmicrosoft.com",
"replyUrlsWithType": [
    {
        "url": "https://token.botframework.com/.auth/web/redirect",
        "type": "Web"
    }
],
"requiredResourceAccess": [
    {
        "resourceAppId": "00000003-0000-0000-c000-000000000000",
        "resourceAccess": [
            {
                "id": "570282fd-fa5c-430d-a7fd-fc8dc98a9dca",
                "type": "Scope"
            },
            {
                "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
                "type": "Scope"
            },
            {
                "id": "b340eb25-3456-403f-be2f-af7a0d370277",
                "type": "Scope"
            },
            {
                "id": "e383f46e-2787-4529-855e-0e479a3ffac0",
                "type": "Scope"
            },
            {
                "id": "37f7f235-527c-4136-accd-4a02d197296e",
                "type": "Scope"
            },
            {
                "id": "14dad69e-099b-42c9-810b-d002981feec1",
                "type": "Scope"
            }
        ]
    }
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null

}

For now the authentication works only for my university domain, but I want to allow authentication through a Microsoft personal email, like [email protected]

1
The answer you linked answers the question. You need to modify the authorization URL your app uses. This is not in the manifest. It is in your app configuration/code. - juunas
Can you be more specific? With an example image, or something like that? - Gabriele Pisapia
@juunas I tried this one but I can't update with "Common"; I can't write in this string: pasteboard.co/JNo82VS.png - Gabriele Pisapia

1 Answer

1
votes

In the code you developed, you would be using an endpoint to authorize and get the OAuth token.

If you are using MSAL (Microsoft Authentication Library), the commonly used parameters to configure the client app in your code would be:

  - Client ID
  - Redirect URI
  - Authority
  - Client Secret (in some cases)

So in this, you will have to configure the authority URL.

https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-application-configuration#authority

So for example in your code, if you are building the client application object, you would have something like below:

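using Microsoft.Identity.Client;

// Placeholder: the application (client) ID of your app registration.
string clientId = "<application-client-id>";
// "common" accepts work/school accounts from any tenant and personal Microsoft accounts.
string authority = "https://login.microsoftonline.com/common";
string[] scopes = new string[] { "user.read" };
IPublicClientApplication app = PublicClientApplicationBuilder
    .Create(clientId)
    .WithAuthority(authority)
    .Build();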

Update:

  1. Go to Bot Channels Registration page (Azure Portal)
  2. Click Setting
  3. OAuth Connection Settings -> Add Setting
  4. In the new setting page, enter the connection name and client app related information in the following page

You will be using this connection name in your code.

Here's the catch: under tenantid, fill it in as common rather than a specific tenant id.
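
As an added example (not part of the answer above, and not Microsoft's code), this Python check reads an app manifest together with the authority URL the app or OAuth connection is configured with, and reports why personal Microsoft accounts would be rejected. The function names and the trimmed sample manifest are assumptions made for illustration; the tenant aliases and signInAudience values are the ones the Microsoft identity platform documents.

```python
import json
from urllib.parse import urlparse

# Tenant segment of the authority -> account types that endpoint signs in.
ENDPOINT_ACCOUNTS = {
    "common": {"work", "personal"},
    "organizations": {"work"},
    "consumers": {"personal"},
}
# signInAudience in the manifest -> account types the registration allows.
AUDIENCE_ACCOUNTS = {
    "AzureADMyOrg": {"work"},
    "AzureADMultipleOrgs": {"work"},
    "AzureADandPersonalMicrosoftAccount": {"work", "personal"},
    "PersonalMicrosoftAccount": {"personal"},
}

def tenant_segment(authority):
    """Return the first path segment of an authority or authorize URL, lowercased."""
    parsed = urlparse(authority)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("authority must be an https URL")
    parts = [p for p in parsed.path.split("/") if p]
    if not parts:
        raise ValueError("authority has no tenant segment")
    return parts[0].lower()

def personal_account_findings(manifest_json, authority):
    """List reasons personal accounts cannot sign in; an empty list means none found."""
    manifest = json.loads(manifest_json)
    findings = []
    audience = manifest.get("signInAudience")
    if "personal" not in AUDIENCE_ACCOUNTS.get(audience, set()):
        findings.append(f"signInAudience {audience!r} excludes personal accounts")
    elif manifest.get("accessTokenAcceptedVersion") != 2:
        findings.append("accessTokenAcceptedVersion must be 2 for this audience")
    tenant = tenant_segment(authority)
    # Anything other than the three aliases is a tenant ID or domain: that tenant only.
    allowed = ENDPOINT_ACCOUNTS.get(tenant, {"work"})
    if "personal" not in allowed:
        findings.append(f"authority tenant {tenant!r} only signs in work or school accounts")
    return findings

# Constructed sample: only the two manifest fields from the question that matter here.
SAMPLE_MANIFEST = '{"signInAudience": "AzureADandPersonalMicrosoftAccount", "accessTokenAcceptedVersion": 2}'

if __name__ == "__main__":
    for url in ("https://login.microsoftonline.com/unisalerno.onmicrosoft.com",
                "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"):
        print(url, "->", personal_account_findings(SAMPLE_MANIFEST, url) or "ok")
```

With `common`, users from any Azure AD tenant and any personal account can obtain a token, so a bot meant for a limited set of users still has to authorize on the token's `tid` or user claims.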