Not an issue - Potential problem solver for microsoft authorization error "Usage of the /common endpoint is not supported"

[ArthurBorsboom]

This is not an issue with oama, but an addition to a potential (future) problem solver for common errors.

For anyone running into an authorization error with a Microsoft account Usage of the /common endpoint is not supported a potential solution is provided in the error message: Use a tenant-specific endpoint or configure the application to be multi-tenant.

In my case it helped to change the multi-tenant setting in the Microsoft Azure portal.

[Azure] > [App registration] > [Authentication] > [Supported account types] > [Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)]

Full error message:

Authorization started ... 
{"error":"invalid_request","error_description":"AADSTS50194: Application 'xxxxxxxxxxxxxxx'(xxx: xxx, xxx, xxx) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant. Trace ID: xxxxxxxxxxxxxxx Correlation ID: xxxxxxxxxxxxxxx Timestamp: 2024-05-23 07:46:01Z","error_codes":[50194],"timestamp":"2024-05-23 07:46:01Z","trace_id":"xxxxxxxxxxxxxxx","correlation_id":"xxxxxxxxxxxxxxx"}
Authorization failed.

[pdobsan]

This is not an issue with oama, but an addition to a potential (future) problem solver for common errors.

Tangentially related: every field in the services section of the output of the oama printenv command can be changed in the config file.

[swaeberle]

Maybe its better to keep the application single-tenant and use https://login.microsoftonline.com/organizations/ as base URL for the endpoints.

At least that's working in my case.