hippogamesunity / SimpleSignIn

A set of assets for Unity to authenticate users on different platforms with OAuth 2.0

Login using Company Microsoft Account #3

Closed flogli closed 3 weeks ago

flogli commented 3 weeks ago

Hi, I have resolved an issue regarding access using a Microsoft corporate account. An error was occurring when attempting to log in using Microsoft Entra with the "Supported account types = Personal Microsoft accounts only" setting.

By creating the application within Microsoft Entra as accessible only to the corporate tenant, it is necessary to reconfigure certain parameters within Unity's example script:

```csharp
private const string AuthorizationEndpoint = "https://login.microsoftonline.com/[tenantID]/oauth2/v2.0/authorize";
private const string TokenEndpoint = "https://login.microsoftonline.com/[tenantID]/oauth2/v2.0/token";
private const string UserInfoEndpoint = "https://graph.microsoft.com/oidc/userinfo";
private const string LogoutEndpoint = "https://login.microsoftonline.com/[tenantID]/oauth2/v2.0/logout";
```

Additionally, within the Resources/MicrosoftAuthSettings.asset file, add the Access Scopes element "openid".

This way, the authentication process works for Microsoft corporate accounts.

hippogamesunity commented 3 weeks ago

Hello, thanks for the info!

hippogamesunity commented 3 weeks ago

Also please check if UserInfo returns valid data, as well as ID tokens. As I remember, there were some issues with tenant accounts, like md5 hashes instead of real name or email.

flogli commented 3 weeks ago

You are right! You have to include "openid" in Access Scopes.

Then it should work correctly.
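
As an added example (not SimpleSignIn's own code), one way to keep the single-tenant settings from this thread consistent: build the endpoints from a validated tenant ID, require the "openid" scope, and check that an ID token's `iss` and `tid` claims match that tenant. `TenantAuthConfig` and its members are hypothetical names, and the block assumes `System.Text.Json` is available to the project.

```csharp
using System;
using System.Linq;
using System.Text.Json;

// Added example, not SimpleSignIn code. TenantAuthConfig and its members are hypothetical names.
// Assumes System.Text.Json is available; swap in the project's JSON parser otherwise.
public sealed class TenantAuthConfig
{
    private const string Authority = "https://login.microsoftonline.com/";
    public string TenantId { get; }
    public string AuthorizationEndpoint => $"{Authority}{TenantId}/oauth2/v2.0/authorize";
    public string TokenEndpoint => $"{Authority}{TenantId}/oauth2/v2.0/token";
    public string LogoutEndpoint => $"{Authority}{TenantId}/oauth2/v2.0/logout";
    public string ExpectedIssuer => $"{Authority}{TenantId}/v2.0";

    public TenantAuthConfig(string tenantId, string[] scopes)
    {
        // A single-tenant app needs the directory (tenant) GUID in the endpoint path.
        if (!Guid.TryParseExact(tenantId, "D", out var id))
            throw new ArgumentException("Tenant ID must be a GUID.", nameof(tenantId));
        // The thread's fix: "openid" has to be among the Access Scopes.
        if (scopes == null || !scopes.Contains("openid"))
            throw new ArgumentException("Access Scopes must include \"openid\".", nameof(scopes));
        TenantId = id.ToString("D");
    }

    // Compares the iss and tid claims of an ID token with the configured tenant.
    // This only reads the payload; it does not verify the token's signature.
    public bool IsFromConfiguredTenant(string idToken)
    {
        var parts = (idToken ?? "").Split('.');
        if (parts.Length != 3) return false;
        try
        {
            using var doc = JsonDocument.Parse(DecodeBase64Url(parts[1]));
            var claims = doc.RootElement;
            return claims.TryGetProperty("iss", out var iss) && iss.GetString() == ExpectedIssuer
                && claims.TryGetProperty("tid", out var tid)
                && string.Equals(tid.GetString(), TenantId, StringComparison.OrdinalIgnoreCase);
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException) { return false; }
    }

    private static byte[] DecodeBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
}
```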