AADSTS50020 error when authenticating user with live.com based account
I am working on an app that manages Azure resources for customers (provision VMs, create VNets).
We have created a multi-tenant application in the Azure portal that is configured for Delegated permissions of Windows Azure Service Management API and Windows Azure Active Directory.
We are able to log in with an AAD based account without a problem. But when a live.com based account logs in, the user gets an AADSTS50020 error.
For the login, we are navigating to https://login.microsoftonline.com/common/OAuth2/Authorize with the following parameters:
client_id=XXX&response_mode=query&response_type=code&redirect_uri=XXX&prompt=consent
Here is the full error message:
AADSTS50020: User account 'xxx@hotmail.com' from identity provider 'live.com' does not exist in tenant 'XXX' and cannot access the application 'xxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
You need to use V2 endpoints in order to allow access from personal Microsoft accounts. I ran into the same problems by using the v1 endpoint.
Use this endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
For example:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
?client_id=ffffff-1111-2222-3333-37fd4f8c20ee
&response_type=id_token
&redirect_uri=http://localhost:8080/login/microsoft/callback
&response_mode=form_post
&prompt=consent
&scope=openid
&state=12345
&nonce=RandomGUI
Good luck
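
The request from the answer above, as an added example that is not part of the original post: it builds the same v2.0 authorize URL but generates `state` and `nonce` randomly for each sign-in instead of using fixed values, checks that a login URL points at the v2.0 endpoint, and verifies the `state` posted back to the redirect URI. The function names are assumptions made for this illustration; ID token signature and nonce validation are left to the OpenID Connect library in use.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit

AUTHORIZE_V2 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def build_authorize_request(client_id, redirect_uri):
    """Return (url, state, nonce) for a v2.0 sign-in request.

    state and nonce are fresh random values; the caller stores both in the
    user's session so the callback and the ID token can be checked later.
    """
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "id_token",
        "redirect_uri": redirect_uri,
        "response_mode": "form_post",
        "prompt": "consent",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    # urlencode percent-encodes redirect_uri and the other values
    return AUTHORIZE_V2 + "?" + urlencode(params), state, nonce


def is_v2_authorize_url(url):
    """True only for the v2.0 authorize endpoint on login.microsoftonline.com."""
    parts = urlsplit(url)
    return (parts.scheme == "https"
            and parts.hostname == "login.microsoftonline.com"
            and parts.path.lower().endswith("/oauth2/v2.0/authorize"))


def callback_state_ok(form, expected_state):
    """Constant-time comparison of the state posted back to redirect_uri."""
    returned = form.get("state", "")
    if not expected_state:
        return False
    return hmac.compare_digest(returned.encode(), expected_state.encode())
```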