search

Azure-Samples / ms-identity-python-devicecodeflow

A Python sample of a browserless app using the device code flow to get tokens to call Microsoft Graph API
MIT License
25 stars 17 forks source link

Device code flow not working with /common #5

Open SaeedAkhter-MSFT opened 4 years ago

SaeedAkhter-MSFT commented 4 years ago

https://github.com/Azure-Samples/ms-identity-python-devicecodeflow/blob/bb57d559d27f6ed2543846f25412349a1072f764/parameters.json#L2

For some reason, I'm unable to do device code flow with /common.

"AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.\r\nTrace ID: 0429e904-7771-4175-a8c6-366cb0b30400\r\nCorrelation ID: 54a1a1ab-cb1f-4b26-a7cb-34315391d301\r\nTimestamp: 2020-10-10 22:29:22Z",

I made sure that Default to Public Client on the app registration is set. If I change /common to /microsoft.com in parameters.json, then this sample works perfectly.

I am using a multi-tenant app. Who can use this application or access this API? Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

Is this expected? Does the app need to be audience AAD-only? If so, we better update the documentation and samples.

jmprieur commented 3 years ago

@rayluo did you see this issue?

rayluo commented 3 years ago

@rayluo did you see this issue?

No. Somehow this repo is not on my subscription list.

Regarding to the topic in this issue, it is supposed to work. We even explicitly switched to use ".../common" in our main repo's sample here. I guess we would need a repro for this issue for further investigation.

lluuiissoo commented 7 months ago

I got same error when using out-of-the-box version of repo: "AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials..."

I solved it by replacing "/common" with "/tenantid": "authority": "https://login.microsoftonline.com/<my-tenant-id>"