是否需要通过https://apps.dev.microsoft.com注册新应用？

Question

do I have to register a new app with my MS Account via https://apps.dev.microsoft.com

- or -

can I add simply a new application to my Azure Active Directory?

I'd like to use the OAuth2 Implicit flow to use Single Sign On with Microsoft Graph . I have created a new application via the Azure Portal in our Active Directory, enabled implicit flow "oauth2AllowImplicitFlow": true, in the manifest and enabled multi-tenant environment . The goal is to enable Single Sign On for Personal and Organizational accounts, essentially everyone with an MS account. To authenticate and request new tokens I am using the common endpoint:

public const string AuthorizationEndPoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";

public const string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";

However I receive following error message:

https://login.live.com/err.srf?lc=1033#error=unauthorized_client&error_description=The+client+does+not+exist.+If+you+are+the+application+developer%2c+configure+a+new+application+through+the+application+management+site+at+https://apps.dev.microsoft.com/.&state=ABC...EFG

In the Azure Portal I do see the failed sign-ins with following message.

FAILURE REASON The application named X was not found in the tenant named Y. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

If the app registration credentials are being used, I can successfully authenticate. I'd prefer to have everything to be administrated and maintained through the Azure Portal.

Answer 1

Short Answer

Yes, as you're using v2.0 endpoints you have to register your app on the App Registration Portal .

Long Answer

The answer depends on what type of endpoint you're trying to use and thus which accounts you want to support. Apps registered in the Azure Portal are v1.0 apps, whereas apps registered in the App Registration Portal are v2.0 apps.

Here's a great doc that compares the two endpoints. tl;dr below.

v1.0: Supports sign in with Azure AD accounts. Works with ADAL libraries. Can call the Microsoft Graph, other Microsoft resources, your own web API (w/ Access or ID tokens), and has generally supports more scenarios.

Docs Here

v2.0: Supports sign in with Azure AD & Microsoft Accounts (outlook, hotmail, etc.). Works with MSAL & most 3rd party oAuth/OIDC libraries. Can call the Microsoft Graph, and your own web API with ID tokens. More scenarios actively being added.

Docs Here

Answer 2

If you want to sign in users with both Azure AD and Microsoft Personal Accounts, you need to register an application at https://apps.dev.microsoft.com/ .

The applications created in this new developer portal are V2 applications, which natively support both types of user accounts. Learn more about the V2 app model here . As of today, the apps created in the Azure Portal will not be able to do this, and will only work for Azure AD accounts.

Today, applications created in the App Registration Portal cannot be managed in the Azure Portal, but it is good feedback that you want to manage all your apps in a single spot.

Try following our guided walkthroughs which should help you get an app up and running from start to finish:

https://docs.microsoft.com/en-us/azure/active-directory/develop/guidedsetups/active-directory-windesktop