
do I have to register a new app with my MS Account via https://apps.dev.microsoft.com

- or -

can I simply add a new application to my Azure Active Directory?

I'd like to use the OAuth2 Implicit flow to use Single Sign On with Microsoft Graph. I have created a new application via the Azure Portal in our Active Directory, enabled the implicit flow ("oauth2AllowImplicitFlow": true) in the manifest and enabled the multi-tenant environment. The goal is to enable Single Sign On for Personal and Organizational accounts, essentially everyone with an MS account. To authenticate and request new tokens I am using the common endpoint:

public const string AuthorizationEndPoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";

public const string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";

However, I receive the following error message:

https://login.live.com/err.srf?lc=1033#error=unauthorized_client&error_description=The+client+does+not+exist.+If+you+are+the+application+developer%2c+configure+a+new+application+through+the+application+management+site+at+https://apps.dev.microsoft.com/.&state=ABC...EFG

In the Azure Portal I do see the failed sign-ins with the following message.

FAILURE REASON The application named X was not found in the tenant named Y. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

If the app registration credentials are being used, I can successfully authenticate. I'd prefer to have everything administered and maintained through the Azure Portal.

Alx
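As an added example (not code from the question or either answer), this shows the implicit-flow request against the v2.0 common endpoint quoted above and how a client should parse the redirect fragment, whether it carries tokens or an error such as the unauthorized_client response in the question. The client ID, redirect URI, state values and token strings are constructed placeholders.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# The v2.0 "common" authorize endpoint from the question. It accepts both Azure AD and
# personal Microsoft accounts, but only for an app registered for the v2.0 endpoint.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def build_authorize_url(client_id, redirect_uri, scopes, state, nonce):
    """Build the implicit-flow request. state and nonce must be kept in the user's
    session so the response can be checked against them when it comes back."""
    params = {
        "client_id": client_id,
        "response_type": "id_token token",  # implicit flow: tokens arrive in the URL fragment
        "redirect_uri": redirect_uri,
        "response_mode": "fragment",
        "scope": " ".join(scopes),
        "state": state,   # CSRF protection: must come back unchanged
        "nonce": nonce,   # replay protection: must appear inside the id_token
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Parse the redirect fragment and describe the outcome. The state check runs first:
    tokens or errors whose state does not match the one we issued are never trusted."""
    frag = parse_qs(urlsplit(callback_url).fragment)
    if frag.get("state", [None])[0] != expected_state:
        return {"ok": False, "error": "state_mismatch"}
    if "error" in frag:
        return {"ok": False, "error": frag["error"][0],
                "description": frag.get("error_description", [""])[0]}
    return {"ok": True, "access_token": frag["access_token"][0],
            "id_token": frag["id_token"][0]}


# Constructed samples (placeholder state and tokens), modelled on the error in the question.
SAMPLE_STATE = "s-constructed-1"
SAMPLE_ERROR_CALLBACK = ("https://login.live.com/err.srf?lc=1033#error=unauthorized_client"
                         "&error_description=The+client+does+not+exist.&state=" + SAMPLE_STATE)
SAMPLE_OK_CALLBACK = ("https://localhost/callback#access_token=tokA&token_type=Bearer"
                      "&id_token=tokB&state=" + SAMPLE_STATE)

if __name__ == "__main__":
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorize_url("00000000-0000-0000-0000-000000000000",  # placeholder client id
                              "https://localhost/callback", ["openid", "User.Read"], state, nonce))
    print(parse_callback(SAMPLE_ERROR_CALLBACK, SAMPLE_STATE))
    print(parse_callback(SAMPLE_OK_CALLBACK, "some-other-state"))
```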

2 Answers


Short Answer

Yes, as you're using v2.0 endpoints you have to register your app on the App Registration Portal.

Long Answer

The answer depends on what type of endpoint you're trying to use and thus which accounts you want to support. Apps registered in the Azure Portal are v1.0 apps, whereas apps registered in the App Registration Portal are v2.0 apps.

Here's a great doc that compares the two endpoints. tl;dr below.

v1.0: Supports sign in with Azure AD accounts. Works with ADAL libraries. Can call the Microsoft Graph, other Microsoft resources, your own web API (w/ Access or ID tokens), and generally supports more scenarios.

Docs Here

v2.0: Supports sign in with Azure AD & Microsoft Accounts (outlook, hotmail, etc.). Works with MSAL & most 3rd party OAuth/OIDC libraries. Can call the Microsoft Graph, and your own web API with ID tokens. More scenarios actively being added.

Docs Here

Daniel Dobalian
  • Hi Daniel, thanks for a short and long description and the references to the docs. The difference between v1.0 and v2.0 apps makes total sense to me. Knowing that the Azure portal by default creates only v1 apps helps. However, the way I understood it was that once you turn on the multi-tenant environment and the implicit flow you should be able to open up authentication. Further, through the app permissions I am able to grant MS Graph access. This was misleading me or bringing up my confusion. – Alx May 25 '17 at 12:26
  • Hello Daniel, Azure portal has now provisioned app registration for the version 2 endpoint by adding a new section Application Registration (Preview). Apps added via the Application Registration (Preview) blade are v2 apps (they use the v2 endpoint). Apps added via the Application Registration blade are v1 apps (they use the v1 endpoint). Both Application Registration and Application Registration (Preview) are available on portal.azure.com >> Azure Active Directory >> {tenant}, where tenant is the directory you'd like the app to be owned by. – Damilola Boiyelove Jan 04 '19 at 06:27
  • @DamilolaBoiyelove Right you are! The answer above is no longer entirely accurate - app registrations are no longer tied to version endpoints. – Daniel Dobalian Jan 07 '19 at 18:17

If you want to sign in users with both Azure AD and Microsoft Personal Accounts, you need to register an application at https://apps.dev.microsoft.com/.

The applications created in this new developer portal are V2 applications, which natively support both types of user accounts. Learn more about the V2 app model here. As of today, the apps created in the Azure Portal will not be able to do this, and will only work for Azure AD accounts.

Today, applications created in the App Registration Portal cannot be managed in the Azure Portal, but it is good feedback that you want to manage all your apps in a single spot.

Try following our guided walkthroughs which should help you get an app up and running from start to finish:

https://learn.microsoft.com/en-us/azure/active-directory/develop/guidedsetups/active-directory-windesktop

Shawn Tabrizi
  • Hi Shawn, thanks for your answer. As commented to Daniel above, knowing that the Azure Portal only creates v1 apps helps to understand why it's not working. Managing the app registration through an organization rather than an individual account makes more sense to me as everything can be kept in one place and controlled through permissions. – Alx May 25 '17 at 12:31