[英]How can I allow public login on my app registration in my Azure Tenant?
I'm trying to create an app hosted in Azure that (should) allow public login, as long as you have a Microsoft account.我正在尝试创建一个托管在 Azure 中的应用程序,只要您拥有 Microsoft 帐户,它(应该)允许公共登录。 I don't care if it's a business or personal account.
我不在乎它是企业帐户还是个人帐户。 You just need to be able to log in. I'm creating a SPA and an API.
您只需要能够登录。我正在创建一个 SPA 和一个 API。
So I went to the Azure portal and created an app registration and configured the app reg to allow all users from within, or outside the organization with a valid personal or business Microsoft account.因此,我转到 Azure 门户并创建了一个应用程序注册并配置了应用程序注册以允许来自组织内部或外部的所有用户使用有效的个人或企业 Microsoft 帐户。
Now the SPA is an Angular app and I use Damien Bod's OpenId library to log in. When I point the stsServer to my login endpoint ( https://login.microsoftonline.com/{my-tenant-id}/v2.0 ) and log in, all works fine, except when I log in using an account outside the organization (for example my personal account).现在 SPA 是一个 Angular 应用程序,我使用 Damien Bod 的 OpenId 库登录。当我将 stsServer 指向我的登录端点 ( https://login.microsoftonline.com/{my-tenant-id}/v2.0 )并登录,一切正常,除非我使用组织外部的帐户(例如我的个人帐户)登录。
I get receive the following error:我收到以下错误:
AADSTS50020: User account 'xxxx@xxxx.xxx' from identity provider 'https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/' does not exist in tenant 'Default Directory' and cannot access the application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'(App Name) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Now the problem is that I simply don't want to add all these users, but allow them access to this app.现在的问题是我不想添加所有这些用户,而是允许他们访问这个应用程序。 How can I do that?
我怎样才能做到这一点?
Thanks a bunch!谢谢一堆!
If you want to allow any account to sign in, you can't use your tenant-specific login endpoint.如果要允许任何帐户登录,则不能使用租户特定的登录端点。 You need to use the "common" endpoint:
https://login.microsoftonline.com/common/v2.0
.您需要使用“通用”端点:
https://login.microsoftonline.com/common/v2.0
: https://login.microsoftonline.com/common/v2.0
。 This allows login with any Azure AD / Personal Microsoft account.这允许使用任何 Azure AD/个人 Microsoft 帐户登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.