vt.

Reputation: 1428

MS OAuth authentication - work account only

For my app I'm using the OAuth authentication. I know the user's email, so I'm passing the login_hint param to the authorize endpoint: `https://login.microsoftonline.com/TID/oauth2/v2.0/authorize?login_hint=[email protected]`. There is a chance the user has both accounts, personal and work, for the email, like this:

Is there any parameter or way how to "setup" the endpoint to offer the work account only? I don't want to allow the user to log in with the personal account.

Upvotes: 0

Views: 116

Answers (1)

Bill Bliss - MSFT

Reputation: 3581

Users can have multiple "work" accounts too, and "work" is relative to a specific Azure AD/Office 365 tenant. You may have a work email address for a user whose company does not use Azure AD or Google GSuite, and while it's a "work" email address, that won't work either.

In the general case, there is no way to tell what a "work" email is; the real question is, is it a valid account inside an Azure AD/Office 365 tenant? And the only way to know that for certain is to have them log into that tenant (the TID in the URL); if it works, then it is a valid account. If not, it isn't a valid account. The login_hint will actually help with that because it will try a "silent login" that will log the user in without having to re-enter their credentials (kind of like SSO but it's not really SSO; the login dialog will briefly pop up). If the user isn't already logged in on that device to that tenant, they will see the login experience. I think that's what you want.

Upvotes: 1
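As an added example (not code from the question or from Bill Bliss's answer), the two pieces a practitioner would actually wire up around the approach the answer describes: build the authorize URL against the tenant-specific endpoint (the TID in the path) with `login_hint`, and after sign-in confirm that the ID token really came from that tenant. The client ID, redirect URI, e-mail address and claims below are constructed placeholders; the `tid` check assumes your OIDC library has already validated the token's signature, issuer and audience.

```python
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"

# Multi-tenant aliases that are NOT a single tenant. "common" and "consumers"
# admit personal Microsoft accounts; "organizations" admits work/school accounts
# from any tenant. A concrete tenant ID (or domain) admits only accounts that
# exist in that tenant, which is what "work account only" amounts to here.
MULTI_TENANT_ALIASES = ("common", "organizations", "consumers")


def build_authorize_url(tenant_id, client_id, redirect_uri, login_hint, state,
                        scope="openid profile email"):
    """Build a v2.0 authorize URL pinned to one Azure AD tenant.

    login_hint pre-selects the account so the account picker is skipped when
    possible; the tenant in the path is what restricts which accounts may
    complete sign-in.
    """
    if tenant_id in MULTI_TENANT_ALIASES:
        raise ValueError("use a concrete tenant ID, not a multi-tenant alias")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,          # CSRF token bound to the user's session
        "login_hint": login_hint,
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{urlencode(params)}"


def uses_tenant_endpoint(url, tenant_id):
    """True if the authorize URL targets the given tenant rather than an alias."""
    parsed = urlparse(url)
    first_segment = parsed.path.strip("/").split("/")[0]
    return (parsed.netloc == "login.microsoftonline.com"
            and first_segment == tenant_id
            and first_segment not in MULTI_TENANT_ALIASES)


def login_hint_of(url):
    """Extract the login_hint the URL carries (None if absent)."""
    values = parse_qs(urlparse(url).query).get("login_hint")
    return values[0] if values else None


def token_is_from_tenant(claims, tenant_id):
    """Post-login check on the `tid` claim of an already-validated ID token.

    Even with a tenant-specific authorize URL, checking tid on the token you
    received is the cheap server-side confirmation that the account the
    answer calls "valid inside the tenant" is the one that signed in.
    """
    return claims.get("tid") == tenant_id


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    url = build_authorize_url(
        tenant_id="11111111-2222-3333-4444-555555555555",
        client_id="app-client-id",
        redirect_uri="https://app.example/callback",
        login_hint="user@example.com",
        state="random-state-value",
    )
    print(url)
    sample_claims = {"tid": "11111111-2222-3333-4444-555555555555",
                     "preferred_username": "user@example.com"}
    print(token_is_from_tenant(sample_claims, "11111111-2222-3333-4444-555555555555"))
```

`build_authorize_url` refuses the `common`, `organizations` and `consumers` aliases on purpose: with any of them the path no longer pins the sign-in to one tenant, and the `tid` check after login becomes the only thing standing between the app and an account from elsewhere.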

Related Questions