Error AADSTS50020 when authenticating user with live.com account

I am working on an application that manages Azure resources for clients (provisioning virtual machines, creating virtual networks).

We created a multi-tenant application on the Azure portal, configured for delegated permissions of the Windows Azure Service Management API and Windows Azure Active Directory.

We can log in to the AAD account without any problems. But when a live.com-based account logs in, the user receives error AADSTS50020.

To sign in, we go to https://login.microsoftonline.com/common/OAuth2/Authorize with the following parameters:

client_id=XXX&response_mode=query&response_type=code&redirect_uri=XXX&prompt=consent

Here is the complete error message:

AADSTS50020: The user account "xxx@hotmail.com" from the identity provider "live.com" does not exist in the client "XXX" and cannot access the application "xxx" in this client. First you need to add the account as an external user to the client. Log out and log back in using a different Azure Active Directory user account.

1 answer

You need to use V2 endpoints to allow access from your personal Microsoft accounts. I am facing the same problems using endpoint v1.

Use this endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize

For instance:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ffffff-1111-2222-3333-37fd4f8c20ee&response_type=id_token&redirect_uri=http://localhost:8080/login/microsoft/callback&response_mode=form_post&prompt=consent&scope=openid&state=12345&nonce=RandomGUI

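As an added example (not code from the question or the answer), this builds the v2.0 authorize URL the answer recommends using the code flow and query response mode from the question, checks that a URL really targets the v2.0 endpoint rather than the v1 one, and validates the callback: it rejects a state mismatch and extracts an AADSTS error code from error_description. The client_id and redirect_uri values are placeholders.

```python
# Added example, not part of the original post. Placeholder client_id and
# redirect_uri; the v2.0 endpoint is the one the answer points to.
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

V2_AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def build_authorize_url(client_id, redirect_uri, scopes=("openid",),
                        state=None, nonce=None):
    """Return (url, state, nonce) for the v2.0 authorization code flow.

    state and nonce are random per request unless supplied; the caller must
    store them server-side to check the callback against.
    """
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
        "prompt": "consent",
    }
    return f"{V2_AUTHORIZE}?{urlencode(params)}", state, nonce


def uses_v2_endpoint(url):
    """True only for the v2.0 authorize path (the v1 path has no 'v2.0')."""
    return urlsplit(url).path.lower().endswith("/oauth2/v2.0/authorize")


def parse_callback(callback_url, expected_state):
    """Return {'code': ...} on success, or {'error': ...} with the AADSTS
    code pulled out of error_description when Azure AD returned an error."""
    qs = parse_qs(urlsplit(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        return {"error": "state_mismatch"}
    if "error" in qs:
        desc = qs.get("error_description", [""])[0]
        aadsts = desc.split(":", 1)[0] if desc.startswith("AADSTS") else None
        return {"error": qs["error"][0], "aadsts": aadsts, "description": desc}
    return {"code": qs["code"][0]}
```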

Source: https://habr.com/ru/post/1672027/
