When using NewInteractiveBrowserCredential, we are seeing:
"Selected user account does not exist in tenant 'Microsoft Services' and cannot access the application '' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account."
Our app is set up with "Supported account types" = "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" and our goal is for any Microsoft user to be able to log in through our app.
Example Code:
```go
cred, _ := azidentity.NewInteractiveBrowserCredential(&azidentity.InteractiveBrowserCredentialOptions{
	ClientOptions: policy.ClientOptions{
		Cloud: cloud.AzurePublic,
	},
	AdditionallyAllowedTenants: []string{"https://login.microsoftonline.com/common"},
	ClientID:                   clientId,
	TenantID:                   tenantId,
	RedirectURL:                "http://localhost:4300/login_microsoft",
})
token, err := cred.GetToken(context.TODO(), policy.TokenRequestOptions{
	Scopes:   []string{"openid", "profile", "email"},
	TenantID: tenantId,
})
fmt.Printf("%+v\n", err)
fmt.Printf("%+v\n", token)
```
We attempted to use NewInteractiveBrowserCredential to allow any Microsoft user to log in to our app. We received "Selected user account does not exist in tenant 'Microsoft Services'" after attempting login.