.NET core APP with Microsoft Identity Platform error AADSTS50020



I have a web application to which I am adding Microsoft authentication as a sign-in option. This works well, but only if the account I am logging in with belongs to my 365 tenant.


If it does not, I get the error in the title (AADSTS50020).

I want anyone with a Microsoft account to be able to log in. Is that possible?


My app manifest:


	"id": "02ce6fb8-56eb-4eca-afde-xxxxxxxx194f",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": 2,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "69fbe77c-b849-4a35-8407-xxxxxxaf9a8",
	"appRoles": [],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2023-06-09T13:48:52Z",
	"description": null,
	"certification": null,
	"disabledByMicrosoftStatus": null,
	"groupMembershipClaims": null,
	"identifierUris": [
	"informationalUrls": {
		"termsOfService": "https://xxxxxogy.co.uk/",
		"support": null,
		"privacy": "https://xxxxxxxxxgy.co.uk/",
		"marketing": null
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "BigHelpdesk-Authentication",
	"notes": null,
	"oauth2AllowIdTokenImplicitFlow": true,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [
			"adminConsentDescription": "Allows the app to access the web API on behalf of the signed-in user",
			"adminConsentDisplayName": "Access the API on behalf of a user",
			"id": "0720b330-6d84-4a5f-b125-xxxxxx4ff5",
			"isEnabled": true,
			"lang": null,
			"origin": "Application",
			"type": "User",
			"userConsentDescription": "Allows this app to access the web API on your behalf",
			"userConsentDisplayName": "Access the API on your behalf",
			"value": "access_as_user"
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
		"countriesBlockedForMinors": [],
		"legalAgeGroupRule": "Allow"
	"passwordCredentials": [
			"customKeyIdentifier": null,
			"endDate": "2025-06-09T13:49:42.5567971Z",
			"keyId": "620e9472-d14e-462d-a87a-xxxxxxxcf2d",
			"startDate": "2023-06-09T13:49:42.5567971Z",
			"value": null,
			"createdOn": "2023-06-09T13:49:43.2617899Z",
			"hint": "BYL",
			"displayName": "Secret created by dotnet-msidentity tool"
	"preAuthorizedApplications": [],
	"publisherDomain": "xxxxxxxxogy.co.uk",
	"replyUrlsWithType": [
			"url": "http://localhost:5000/signin-oidc",
			"type": "Web"
			"url": "https://localhost:5001/signin-oidc",
			"type": "Web"
			"url": "https://localhost:44376/signin-oidc",
			"type": "Web"
			"url": "http://localhost:56353/signin-oidc",
			"type": "Web"
	"requiredResourceAccess": [],
	"samlMetadataUrl": null,
	"signInUrl": "https://xxxxxxxxgy.co.uk",
	"signInAudience": "AzureADandPersonalMicrosoftAccount",
	"tags": [],
	"tokenEncryptionKeyId": null


1 Reply


Is there any Conditional Access policy in place?