Can't login to Azure AD v2 account with outlook account using JavaScript
I am trying to work from http://aka.ms/aaddevv2 using https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs (master branch @ b752987b7367fc92692ac538e1fc24cb400d0fbc); however, I can't seem to log in with accounts created outside of the user who created the app at https://apps.dev.microsoft.com/?deeplink=/appList.
Azure AD v2 setup
On the apps.dev.microsoft.com side, I have:
- An application ID, and I created a password; I used these in the config.js file as clientID and clientSecret respectively.
- Added http://localhost:3000/auth/openid/return under Redirect URLs
- The Delegated Permissions section has User.Read
Is there anything else I need to set up? Am I missing something in the code?
The error I get when logging in with an account other than the one that set it up is:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account '[email]' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '[clientID]' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
You need to set the identity metadata URL to allow personal accounts.
For example:
identityMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration'
If you only want to allow personal accounts, you can use consumers instead of common.
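The effect of the tenant segment in identityMetadata, as an added example that is not part of the original answer or of the quickstart repository: it reports the sign-in audience a given URL implies and shows a tid allow-list check an app can apply once it accepts a shared endpoint. The contoso tenant name, the sample GUID and the helper names are assumptions made for illustration.

```javascript
// Added example, not code from the quickstart repository.
// The first path segment of identityMetadata selects who may sign in.
const SHARED_ENDPOINTS = new Map([
  ['common', 'work/school accounts from any tenant and personal Microsoft accounts'],
  ['organizations', 'work/school accounts from any tenant'],
  ['consumers', 'personal Microsoft accounts only'],
]);

// Tenant ID carried in the `tid` claim of v2.0 tokens for personal accounts.
const MSA_TENANT_ID = '9188040d-6c67-4c5b-b112-36a304b66dad';

// Parse an identityMetadata value and report the sign-in audience it implies.
function describeIdentityMetadata(identityMetadata) {
  const url = new URL(identityMetadata);
  const [tenant, version, ...rest] = url.pathname.split('/').filter(Boolean);
  const wellKnown = rest.join('/') === '.well-known/openid-configuration';
  if (url.protocol !== 'https:' || !tenant || version !== 'v2.0' || !wellKnown) {
    throw new Error('not an HTTPS v2.0 metadata URL: ' + identityMetadata);
  }
  const shared = SHARED_ENDPOINTS.has(tenant);
  return {
    tenant,
    shared,
    audience: shared
      ? SHARED_ENDPOINTS.get(tenant)
      : 'accounts that exist in tenant ' + tenant + ' only; others get AADSTS50020',
  };
}

// A shared endpoint no longer limits sign-in to one directory, so the app
// decides which tenants it accepts. `claims` is assumed to be the payload of
// an ID token whose signature the OpenID Connect library already verified.
function isTenantAllowed(claims, allowedTenantIds) {
  if (!claims || typeof claims.tid !== 'string') return false;
  const tid = claims.tid.toLowerCase();
  return allowedTenantIds.some((id) => id.toLowerCase() === tid);
}

// Constructed sample values (the tenant name and GUID below are made up).
const cfgBefore = describeIdentityMetadata(
  'https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration');
const cfgAfter = describeIdentityMetadata(
  'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration');
console.log(cfgBefore.audience);
console.log(cfgAfter.audience);
console.log(isTenantAllowed({ tid: MSA_TENANT_ID }, [MSA_TENANT_ID]));
console.log(isTenantAllowed({ tid: '11111111-2222-3333-4444-555555555555' }, [MSA_TENANT_ID]));
```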