Forum Discussion
MSAL Modern Auth (OAuth 2.0) for personnal accounts
Hi,
I am trying to use azure/msal-node on a node backend server.
all work fine for business accounts onmicrosoft.com but not for personnal accounts like outlook.com
according to this documentation, Authentication seems to be possible
https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
But i don't understand if my problem come from azure AD configuration or from my code.
exp.post('/connect', function (req, res) {
let authCodeUrlParameters = {
scopes: SCOPES_OUTLOOK,
redirectUri: "http://localhost:4220/redirect",
};
publicMicrosoftClient.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
if (req.body.email) {
response += `&login_hint=${req.body.email}`
}
open(response)
}).catch((error) => console.log(JSON.stringify(error)));
});
exp.get('/redirect', async function (req, res) {
try {
const form = {
'code': req.query.code,
'client_id': CLIENT_ID_OUTLOOK,
'scope': SCOPES_OUTLOOK.join(' '),
'redirect_uri': 'http://localhost:4220/outlookOauth2',
'grant_type': 'authorization_code',
'client_secret': encodeURI(SECRET_VALUE_OUTLOOK),
}
const options = {
url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
method: 'post',
}
response = await got(options, { form });
respToken = response.body
...
} catch (error) {
console.log(error)
res.end();
}
});
the error come from ...v2.0/token request. the server response doesn't really help (error 400 bad request)
in azure AD we have app registered and all required scope with status granted.
Thank you in advance for your help,
Yan
Did you select below mentioned Account Type while you create App Registration in Azure?
If you are not sure then you can validate it in Authentication section of your Azure App Registration as shown in below steps
If you have missed to select that account type while creating application then you won't see it in above screen shot, you can update it directly and you need to update it using manifest editor.
You can click on Manifest and update "signInAudience" value to "AzureADandPersonalMicrosoftAccount"
Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community
kalpeshvaghela
Thank you for your help,
Unfortunately, we allready have this configuration in azureAD.
However, your answer, helped me to look for documentation on manifest properties. And i came across this page (which define the needed properties with AzureADandPersonalMicrosoftAccount) https://docs.microsoft.com/fr-fr/azure/active-directory/develop/supported-accounts-validation
But this doesn't explain why token request work in particular case and not in others....
