Getting error in microsoft api while using SSO feature in teams tab app with multi teanant, It is wokring good with single tenant

Question

Getting error in microsoft api while using SSO feature in teams tab app with multi teanant where sso feature is implement using teams toolkit add feature section by using SSO enabled Tab

I want to implement sso feature over teams tab app, so I used to team toolkit to implement the feature, The sso is working with my teant microsoft account but not working with other teanant account

Error Detail mention below:-

{error: "invalid_resource",…}
correlation_id: "4c3b68b7-e486-4a0b-9f6b-18daca87d36a"
error: "invalid_resource"
error_codes: [500011]
0: 500011
error_description: "AADSTS500011: The resource principal named api://myconnectprodc5820ctab.z10.web.core.windows.net/dc64f450-283f-4d88-88ca-2746d5898f15 was not found in the tenant named Contoso. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: 43460303-4cfb-4426-af97-d82fff0e6b00\r\nCorrelation ID: 4c3b68b7-e486-4a0b-9f6b-18daca87d36a\r\nTimestamp: 2023-05-30 11:55:44Z"
error_uri: "https://login.microsoftonline.com/error?code=500011"
timestamp: "2023-05-30 11:55:44Z"
trace_id: "43460303-4cfb-4426-af97-d82fff0e6b00"
===============================================================================================
POST https://login.microsoftonline.com/5ec8afbc-af51-44e6-87dc-d90f5b953f77/oauth2/v2.0/token 400 (Bad Request)
(anonymous) @ msal-browser.min-8cecb01.js:1
(anonymous) @ msal-browser

==============================================================================================
payload details:

client_id:

5e3ce6c0-2b1f-4285-8d4b-75ee78787346

scope:

api://myconnectprodc5820ctab.z10.web.core.windows.net/dc64f450-283f-4d88-88ca-2746d5898f15/.default openid profile offline_access

grant_type:

refresh_token

client_info:

1

x-client-SKU:

msal.js.browser

x-client-VER:

2.19.0

x-client-OS:

 

x-client-CPU:

 

x-ms-lib-capability:

retry-after, h429

x-client-current-telemetry:

5|61,0,,,|,

x-client-last-telemetry:

5|0|61,7f9cc446-4a2e-45ac-87ef-55257d77f401|invalid_resource|1,0

client-request-id:

f92f2e44-60d3-4a82-9655-05e0347d369e

refresh_token:

0.AVAAvK_IXlGv5kSH3NkPW5U_d8DmPF4fK4VCjUt17nh4c0Z_AJ8.AgABAAEAAAD--DLA3VO7QrddgJg7WevrAgDs_wUA9P9L-NHcSdt1rFT1kQ5tIqlFsPhVRFKRoqeH9b2WN1RuAh985KMjgz7Y_tXk4IpwCSNB2nZBo9_iYCqAiUVPxtnrMYobUc_L-5uzAt64bGTOVbDdGCyuYS3O9r-0ZwUzvo8VkfqSqyyKInSxNMcvSjZlGSUjGkDGDRLsVvI6ys7g8__leM8P_agpEeEmgvEuPp-LA8sKanopWIcEmy8CchIwsWv7FtwcqLJppVfv7EP40avv6dE1Djg26HuSewbt81K8iBdNwXm4lgBpcNDlhxRATuoOJoLeI03D7JqueeCmTzDM8SYw0AGamCBwpA-v-DqdQG5Nn_e09yzFe61t2GsQGkF9c0iZ2YyA8UO5l3rHWTfyBoDaKgKwKM54_7SYBF2I-v-GXaw0SLEeR3v7A3fuMsT2meMofz7MCgtYhuefEpDQWnkS9pPT1ZsRWYhKAAzUQaXXafoEM1VQwbiueHxRojDF8g0EqPCIbmzYKoP-nsGFm_fDsOonYc7s8UmaImmMfn_S-gzSAiRQpkbTnNxY6jjSUMBrYakjOQ94oh2vcSAGhHTih2IxmAUbrcZve4qxF25zN8xZwcoK21oM9vY6AZBcmGsEtUQ8y1nGkOT_Reg6CZgZbb3NxS-qQ-kuGNPrFavhBDIqQQpfZ8kqZs4AlJnqP2MWn4N9moek0hECPwRNEXulZroDc7CMnsHw_GiKl05CAGOlywny2IhMIp1T8hhzrD5JRzRo117clyeHwtNEf37OM1oMrffBLvL7RZ9YN18eAE5605qHoMGN9fldyy4OBnZfr9vgTzwy7sVRXpv7xzmPzh9XHq4LYIQtc5yi8DthHDTLbVp64V1O6gQo1JOEufbJ0NMrmuzl2HpYzQ91sr1APKBZ2Z7bnh62JZqBMl7V_2GSfhhGY01l2IRpy3VWUcs7XRB5w_KvEe4VhZXzK67ltg-wF0k2Bj8l4JzkfJmgUOVcCF-_7hYdfo6sVgkAeZpE1WDsJJ9esjhxbNEY1CzlxuTcd1PMXe5vt68LLvW5ebj0JR6WsH8ZfHgqRIgUG-jTkBYILPauZhU

X-AnchorMailbox:

Oid:83675ef5-a7ce-411e-912f-117d9bbca371@5ec8afbc-af51-44e6-87dc-d90f5b953f77

Expecting Multi tenant login feature

Answer 1

When SSO is enabled, Teams Toolkit will by default provision a single-tenant Azure AD app, which means only user and guest accounts in the same directory as your M365 account can successfully sign in to your Teams app.

we are using auth code flow for authentication now, latest projects created by Teams toolkit will not contain simple auth service. Now you can refer to this for multi tenant apps.