When restricting an application's access to your tenant, you get a POST error because the error response is not handled correctly.
To replicate, set up an application with access to your tenant only, log in with an account from a tenant that does not have access, and try to enter the site.
Error:
{
"error": "interaction_required",
"error_description": "AADSTS90072: User account '{EmailHidden}' from identity provider 'https://sts.windows.net/id/' does not exist in tenant 'tenant' and cannot access the application 'id'(app name) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account Trace ID: tenantid Correlation ID: coorid Timestamp: 2020-02-09 17:33:33Z",
"error_uri": "https://login.microsoftonline.com/error?code=90072"
}
How to fix: add handling of the AADSTS90072 error code so the middleware fails cleanly instead of surfacing a raw POST error. Note that error_description starts with the code (`AADSTS90072: User account ...`), so an equality check against the whole description will never match; test the prefix instead.
if (strpos($errorDescription, 'AADSTS90072') === 0) {
// Do appropriate response and offer logoff and login?
}
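As an added example (not code from this issue or from the project), one way a PHP middleware could classify this response: the AADSTS code is taken from the front of error_description rather than compared for equality, the request fails closed, and the raw description (which carries trace and correlation ids) is not echoed to the user. The function names, the $params array and the sign-out URL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Assumes the framework hands the
// POST body of the redirect URI to the middleware as an array ($params).

// Pull the AADSTS code from the front of error_description, e.g.
// "AADSTS90072: User account ... does not exist in tenant ...".
function extractAadstsCode(string $errorDescription): ?string
{
    return preg_match('/^(AADSTS\d+)\b/', $errorDescription, $m) === 1 ? $m[1] : null;
}

// Decide the middleware response. Returns status, user message and the
// sign-out URL to offer when the user should switch accounts.
function handleAuthorizationResponse(array $params, string $signOutUrl): array
{
    if (!isset($params['error'])) {
        return ['status' => 200, 'message' => 'ok', 'signOut' => null];
    }
    $code = extractAadstsCode((string)($params['error_description'] ?? ''));

    if ($params['error'] === 'interaction_required' && $code === 'AADSTS90072') {
        // Account from another tenant: never continue to the token request.
        return [
            'status'  => 403,
            'message' => 'Your account is not a member of the tenant that owns this '
                       . 'application. Sign out and sign in with an account from that tenant.',
            'signOut' => $signOutUrl,
        ];
    }
    // Any other error also fails closed; only the code is shown, not the raw
    // description, which carries trace and correlation ids.
    return [
        'status'  => 400,
        'message' => 'Sign-in failed (' . ($code ?? $params['error']) . ').',
        'signOut' => $signOutUrl,
    ];
}

// Constructed sample modelled on the response quoted in the issue.
$sample = [
    'error'             => 'interaction_required',
    'error_description' => "AADSTS90072: User account '{EmailHidden}' from identity provider "
                         . "'https://sts.windows.net/id/' does not exist in tenant 'tenant'.",
    'error_uri'         => 'https://login.microsoftonline.com/error?code=90072',
];
$result = handleAuthorizationResponse($sample, 'https://login.microsoftonline.com/common/oauth2/v2.0/logout');
http_response_code($result['status']);
echo $result['message'], PHP_EOL;
```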