0 Votes
AaronBurton-5929 asked ·

unauthorized_client when using organizational directories

I am trying to create a web app for students at my school. We are a Microsoft school, all students have a Microsoft account associated with their name. I'd like to use that to sign in to my web app. So I've been experimenting with ways to get that sign-in to work, and keep getting stuck.
If I create an Azure Active Directory App registration and select either of the "Accounts in this (or any) organizational directory", I get the following error when I try to log in:
unauthorized_client: The client does not exist or is not enabled for consumers.
If I create the App registration and select "Accounts in any... and personal Microsoft accounts", it tells me my school email does not exist. (Yes, I verified spelling on it, and logged in on live.com just to make sure the account is working fine.) My personal Microsoft account works fine with this setup.
Being as this web app is designed just for the school, ideally I would want "Accounts in this organizational directory" as my option. But I would be happy with the "personal Microsoft accounts" option, if it would recognize my school email. How can I sign in with my school email to my web app?

Using Django 3.0 and social-auth-app-django library with Live.com OAuth2.

azure-active-directory azure-ad-authentication

0 Votes
AaronBurton-5929 answered ·

I found that the Social-Auth library has support for Azure AD directly. I switched to that instead of live.com and sign-in now works.
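
Why the Live.com backend produced both errors in the question while an Azure AD backend signs the school account in, as an added example that is not part of the original thread or of the social-auth library: it models which account types each Microsoft authorize endpoint looks up against the app registration's `signInAudience`. The endpoint URLs, the `TENANT-ID` placeholder and the function names are assumptions for illustration.

```python
from urllib.parse import urlparse

ORG, PERSONAL = "work/school", "personal"
# Account types each app-manifest signInAudience value admits.
AUDIENCE = {
    "AzureADMyOrg": {ORG},
    "AzureADMultipleOrgs": {ORG},
    "AzureADandPersonalMicrosoftAccount": {ORG, PERSONAL},
    "PersonalMicrosoftAccount": {PERSONAL},
}
# Shared authority names on login.microsoftonline.com; any other first path
# segment (tenant GUID or domain) names one specific directory.
SHARED = {"common": {ORG, PERSONAL}, "organizations": {ORG}, "consumers": {PERSONAL}}

def endpoint_accounts(authorize_url):
    """Return (account types the endpoint looks up, tenant-specific?)."""
    url = urlparse(authorize_url)
    if url.hostname == "login.live.com":
        return {PERSONAL}, False  # Live endpoint: personal accounts only
    if url.hostname == "login.microsoftonline.com":
        tenant = url.path.strip("/").split("/")[0]
        if tenant in SHARED:
            return SHARED[tenant], False
        if tenant:
            return {ORG}, True  # simplification: directory members only
    raise ValueError("unrecognized sign-in endpoint: " + authorize_url)

def diagnose(sign_in_audience, authorize_url, account=ORG):
    """Explain whether `account` can sign in through this pairing."""
    served, tenant_specific = endpoint_accounts(authorize_url)
    allowed = AUDIENCE[sign_in_audience]
    if not served & allowed:
        return "client rejected: endpoint serves only %s accounts" % "/".join(sorted(served))
    if account not in served:
        return "account not found: endpoint never looks up %s accounts" % account
    if account not in allowed:
        return "account type excluded by the app registration"
    if sign_in_audience == "AzureADMyOrg" and not tenant_specific:
        return "single-tenant app needs its own tenant in the authority path"
    return "ok"

LIVE = "https://login.live.com/oauth20_authorize.srf"
# TENANT-ID is a placeholder for the school's directory ID.
TENANT = "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/authorize"
```

`diagnose("AzureADMyOrg", LIVE)` reproduces the `unauthorized_client` case, `diagnose("AzureADandPersonalMicrosoftAccount", LIVE)` the "email does not exist" case, and `diagnose("AzureADMyOrg", TENANT)` the working setup.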

0 Votes
MarileeTurscak-MSFT answered ·

If you are trying to go through Live, you need to make sure that Live has tenant access per the application config. Please make sure you have updated the app to support Live SDK and multi-tenancy: https://account.live.com/developers/applications/index

Also, please check the app manifest and app config file and ensure that the right tenant is listed in these.


Thank you for some direction. The link you sent takes me to a page that says "Application registrations portal is no longer available to register and manage converged applications." It points me to the Azure portal, where I have been working so far.

How, in the Azure portal, do I make sure that Live has tenant access?

0 Votes 0 ·