Forum Discussion

GeoprodYan
Copper Contributor
Sep 07, 2022

MSAL Modern Auth (OAuth 2.0) for personal accounts

Hi,

I am trying to use azure/msal-node on a Node backend server.
All works fine for business accounts (onmicrosoft.com) but not for personal accounts like [email address removed for privacy reasons].

According to this documentation, authentication seems to be possible:
https://docs.microsoft.com/fr-fr/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

But I don't understand if my problem comes from the Azure AD configuration or from my code.

const express = require('express');
const got = require('got');
const open = require('open');

// publicMicrosoftClient (an @azure/msal-node client), CLIENT_ID_OUTLOOK,
// SECRET_VALUE_OUTLOOK and SCOPES_OUTLOOK are set up earlier and not shown in the post.
const exp = express();
exp.use(express.json());

exp.post('/connect', function (req, res) {
  let authCodeUrlParameters = {
    scopes: SCOPES_OUTLOOK,
    redirectUri: "http://localhost:4220/redirect",
  };
  publicMicrosoftClient.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
    if (req.body.email) {
      // appended verbatim; the address is not URL-encoded here
      response += `&login_hint=${req.body.email}`
    }
    open(response)   // opens the browser on the machine running the server
    res.end();
  }).catch((error) => {
    console.log(JSON.stringify(error));
    res.status(500).end();
  });
});

exp.get('/redirect', async function (req, res) {
  try {
    const form = {
      'code': req.query.code,
      'client_id': CLIENT_ID_OUTLOOK,
      'scope': SCOPES_OUTLOOK.join(' '),
      // note: this value differs from the redirectUri passed to getAuthCodeUrl above
      'redirect_uri': 'http://localhost:4220/outlookOauth2',
      'grant_type': 'authorization_code',
      // note: got's form option already form-encodes each value
      'client_secret': encodeURI(SECRET_VALUE_OUTLOOK),
    }

    const response = await got.post('https://login.microsoftonline.com/common/oauth2/v2.0/token', {
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      form,
    });
    const respToken = response.body
    // ... (rest of the handler elided in the post)
  } catch (error) {
    console.log(error)
    res.end();
  }
});

The error comes from the ...v2.0/token request. The server response doesn't really help (error 400 Bad Request).

In Azure AD we have the app registered and all required scopes with status granted.
Thank you in advance for your help,
Yan
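As an added example (not code from the original post and not part of @azure/msal-node), the snippet below builds the authorize URL and the token-request form from one shared settings object, so the redirect_uri cannot differ between the two requests and the secret is form-encoded exactly once, and it decodes the JSON body the token endpoint sends with a 400 into the AADSTS code it carries. The APP values are constructed placeholders standing in for CLIENT_ID_OUTLOOK, SECRET_VALUE_OUTLOOK and SCOPES_OUTLOOK; the authorize URL is assembled by hand here rather than via getAuthCodeUrl, and the IMAP scope is the one named in the linked Microsoft document.

```javascript
// Added example: consistent authorize/token requests plus decoding of a 4xx token response.
const AUTHORIZE = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
const TOKEN = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';

// Constructed stand-ins for CLIENT_ID_OUTLOOK, SECRET_VALUE_OUTLOOK, SCOPES_OUTLOOK.
const APP = {
  clientId: '00000000-0000-0000-0000-000000000000', // placeholder
  clientSecret: 'p@ss/word=with+specials',           // placeholder with URL-unsafe characters
  redirectUri: 'http://localhost:4220/redirect',
  scopes: ['offline_access', 'https://outlook.office.com/IMAP.AccessAsUser.All'],
};

function buildAuthorizeUrl(app, loginHint) {
  const url = new URL(AUTHORIZE);
  url.searchParams.set('client_id', app.clientId);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('redirect_uri', app.redirectUri);
  url.searchParams.set('scope', app.scopes.join(' '));
  // searchParams encodes the hint ('@' becomes '%40') instead of appending it raw
  if (loginHint) url.searchParams.set('login_hint', loginHint);
  return url.toString();
}

function buildTokenForm(app, code) {
  // URLSearchParams does the x-www-form-urlencoded escaping itself;
  // encodeURI(secret) on top of that would encode the secret twice.
  return new URLSearchParams({
    client_id: app.clientId,
    client_secret: app.clientSecret,
    grant_type: 'authorization_code',
    code,
    redirect_uri: app.redirectUri,   // identical to the authorize request
    scope: app.scopes.join(' '),
  }).toString();
}

// True when both requests carry the same redirect_uri (the endpoint rejects a mismatch).
function redirectUrisMatch(authorizeUrl, tokenForm) {
  return new URL(authorizeUrl).searchParams.get('redirect_uri') ===
         new URLSearchParams(tokenForm).get('redirect_uri');
}

// The token endpoint answers errors with JSON: { error, error_description: 'AADSTS...' }.
function parseTokenError(status, body) {
  if (status < 400) return null;
  let json;
  try { json = JSON.parse(body); } catch (e) { return { error: 'unparsable', code: null, description: body }; }
  const m = /AADSTS\d+/.exec(json.error_description || '');
  return { error: json.error || null, code: m ? m[0] : null, description: json.error_description || '' };
}
```

POST the string from buildTokenForm to TOKEN with Content-Type application/x-www-form-urlencoded, and on a non-2xx status run parseTokenError over the response body before discarding it: the error_description is what identifies the rejected parameter.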

2 Replies

  • GeoprodYan 


    Did you select the account type mentioned below while creating the App Registration in Azure?


    If you are not sure, you can validate it in the Authentication section of your Azure App Registration, as shown in the steps below.


    If you missed selecting that account type while creating the application, you won't see it in the above screenshot; you can update it directly, and you need to update it using the manifest editor.


    You can click on Manifest and update the "signInAudience" value to "AzureADandPersonalMicrosoftAccount".


    Hope it will be helpful to you, and if so then please mark my response as Best Response & Like to help others in this community.


    •
      GeoprodYan
      Copper Contributor

      kalpeshvaghela 

      Thank you for your help.

      Unfortunately, we already have this configuration in Azure AD.

      However, your answer helped me to look for documentation on manifest properties, and I came across this page (which defines the properties needed with AzureADandPersonalMicrosoftAccount): https://docs.microsoft.com/fr-fr/azure/active-directory/develop/supported-accounts-validation

      But this doesn't explain why the token request works in one particular case and not in others....
