MSAL Modern Auth (OAuth 2.0) for personal accounts


Hi,

I am trying to use @azure/msal-node on a Node backend server.
Everything works fine for business accounts (onmicrosoft.com) but not for personal accounts like outlook.com.

According to this documentation, authentication seems to be possible:
https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-i...

But I don't understand whether my problem comes from the Azure AD configuration or from my code.

 

exp.post('/connect', function (req, res) {
  let authCodeUrlParameters = {
    scopes: SCOPES_OUTLOOK,
    redirectUri: "http://localhost:4220/redirect",
  };
  publicMicrosoftClient.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
    if (req.body.email) {
      // Encode the address so characters such as '+' or '&' cannot alter the URL
      response += `&login_hint=${encodeURIComponent(req.body.email)}`
    }
    open(response)
  }).catch((error) => console.log(JSON.stringify(error)));
});

exp.get('/redirect', async function (req, res) {
  try {
    const form = {
      'code': req.query.code,
      'client_id': CLIENT_ID_OUTLOOK,
      'scope': SCOPES_OUTLOOK.join(' '),
      'redirect_uri': 'http://localhost:4220/outlookOauth2',
      'grant_type': 'authorization_code',
      'client_secret': encodeURI(SECRET_VALUE_OUTLOOK),
    }

    const options = {
      url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'post',
    }

    response = await got(options, { form });
    respToken = response.body
    ...
  } catch (error) {
    console.log(error)
    res.end();
  }
});

 


The error comes from the ...v2.0/token request. The server response doesn't really help (error 400 Bad Request).

GeoprodYan_0-1662541725665.png

In Azure AD we have the app registered and all required scopes with status granted.
Thank you in advance for your help,
Yan






2 Replies

@GeoprodYan 

 

Did you select the account type mentioned below when you created the App Registration in Azure?

 

kalpeshvaghela_0-1662553709652.png

 

If you are not sure, you can validate it in the Authentication section of your Azure App Registration, as shown in the steps below.

 

kalpeshvaghela_1-1662553770373.png

 

If you missed selecting that account type while creating the application, you won't see it in the screenshot above. You can update it directly, and you need to update it using the manifest editor.

 

You can click on Manifest and update the "signInAudience" value to "AzureADandPersonalMicrosoftAccount".

 

kalpeshvaghela_4-1662553985522.png

 

 

 

 


Hope it will be helpful to you, and if so, please mark my response as Best Response & Like to help others in this community.

 

@kalpeshvaghela 

Thank you for your help,

Unfortunately, we already have this configuration in Azure AD.

However, your answer helped me to look for documentation on manifest properties, and I came across this page (which defines the needed properties with AzureADandPersonalMicrosoftAccount): https://docs.microsoft.com/fr-fr/azure/active-directory/develop/supported-accounts-validation

But this doesn't explain why the token request works in a particular case and not in others....
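
Added example, not part of the thread and not code from any poster or from MSAL: a pre-flight check for the authorization-code token request in the first post, plus a decoder for the JSON body that the token endpoint returns with a 400. The helper names, the sample authorize URL and the sample error body are constructed; the two redirect URI values are the ones in the posted code.

```javascript
// Added example. Helper names are hypothetical; sample inputs are constructed.

// Compare the token-request form with the URL that was sent to /authorize.
// RFC 6749 section 4.1.3: redirect_uri must be identical in both requests.
function preflightTokenRequest(authUrl, form) {
  const problems = [];
  const sent = new URL(authUrl).searchParams.get('redirect_uri');
  if (form.redirect_uri !== sent) {
    problems.push(`redirect_uri differs: authorize=${sent} token=${form.redirect_uri}`);
  }
  if (form.grant_type !== 'authorization_code') problems.push('grant_type must be authorization_code');
  if (!form.code) problems.push('code is missing');
  return problems;
}

// Decode the JSON body the token endpoint returns with a 400. With got, a 4xx
// rejects with an HTTPError and this text is in error.response.body.
function describeTokenError(statusCode, body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return { status: statusCode, error: 'non_json_body', codes: [], summary: String(body).slice(0, 200) };
  }
  return {
    status: statusCode,
    error: parsed.error || 'unknown',
    codes: (parsed.error_codes || []).map((c) => `AADSTS${c}`),
    // error_description is multi-line (trace id, timestamp); keep the first line for logs.
    summary: String(parsed.error_description || '').split(/\r?\n/)[0],
    correlationId: parsed.correlation_id || null,
  };
}

// Constructed sample: authorize URL shaped like the one getAuthCodeUrl() returns.
const SAMPLE_AUTH_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
  + '?client_id=00000000-0000-0000-0000-000000000000&response_type=code'
  + '&redirect_uri=http%3A%2F%2Flocalhost%3A4220%2Fredirect&scope=openid';
// Token form using the redirect_uri value from the posted /redirect handler.
const SAMPLE_FORM = { code: 'constructed-code', grant_type: 'authorization_code',
  redirect_uri: 'http://localhost:4220/outlookOauth2' };
// Constructed error body; the numeric code is a placeholder, not a real AADSTS code.
const SAMPLE_BODY = JSON.stringify({ error: 'invalid_grant', error_codes: [999999],
  error_description: 'AADSTS999999: constructed description.\r\nTrace ID: constructed',
  correlation_id: 'constructed-correlation-id' });

console.log(preflightTokenRequest(SAMPLE_AUTH_URL, SAMPLE_FORM));
console.log(describeTokenError(400, SAMPLE_BODY));
```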