-1

Following the documentation, registered an application with Accounts in any organizational directory. The Tenant where the application resides is in "Default Directory" and has only one user, tiagomartinsperes@gmail.com. Also, the app has user assignment (as pointed out here) set to No

enter image description here

After, created another Tenant (different directory) and invited the external user me@tiagoperes.eu. That's the user I'm getting troubles logging into the previously created app.

Then, enable the OAuth2 support using social_core.backends.azuread.AzureADOAuth2 (from here).

As I try to authenticate now, it works well with tiagomartinsperes@gmail.com but with me@tiagoperes.eu gives the following error

Selected user account does not exist in tenant 'Default Directory' and cannot access the application 'a9a22676-8a1c-4297-95d3-8cd89553220e' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

Microsoft Auth Error

Tiago Martins Peres
  • 14,289
  • 18
  • 86
  • 145

1 Answers1

0

The problem is the URL the user is redirected to. According to the docs, multi-tenant applications should redirect to https://login.microsoftonline.com/organizations.

As we see in the Python Social Auth AzureADOAuth2 class, the BASE_URL is

BASE_URL = "https://{authority_host}/{tenant_id}"

Since authority_host = "https://login.microsoftonline.com/" and tenant_id="common", we'd get the wrong url.

Changing that and signing in with the same user and now I get a request to add the permissions

enter image description here

Reported that issue here too.

Community
  • 1
  • 1
Tiago Martins Peres
  • 14,289
  • 18
  • 86
  • 145