Reputation: 125
I have an application that uses OAuth2 to authenticate to M365 standard users, works fine. Now we have a user with an outlook.com address that does not work. Based on some documentation I found, I changed the login url to:
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=...
(For standard users, I have "common" instead of "consumers".)
I also needed to change two properties in the manifest of my application in Azure AD:
"accessTokenAcceptedVersion": 2,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
With these changes, I get to the Microsoft login screen, followed by the request for permissions. Once I accept, I get the error message "Sorry, but we're having trouble signing you in", followed by "AADSTS90023 Microsoft account logins are not supported".
Meanwhile, I get an email from Microsoft saying "New App(s) have access to your data". Any idea how I can get this working?
Upvotes: 0
Views: 2186
Reputation: 16064
I created an Azure AD Multitenant Application:
Note that you can make use of the common endpoint to authenticate both multitenant and Microsoft personal account users, as the signInAudience is AzureADandPersonalMicrosoftAccount. Refer to this MsDoc.
I used the below endpoint to authenticate multitenant and Microsoft personal account users. Even using the consumers endpoint, Microsoft personal users must be able to authenticate:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
And I got the email:
If the issue still persists, check the below:
Upvotes: 0
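The authorize request discussed above, as an added example in Python (this is not the asker's or the answerer's code). It builds the same /oauth2/v2.0/authorize URL for the common, consumers or organizations audience, but with two things a production client needs that the pasted URL omits: an unpredictable state (the fixed state=12345 above is only a placeholder and offers no CSRF protection) and an RFC 7636 PKCE code_challenge. It also shows how to tell a personal account from a work/school account after sign-in: v2.0 tokens issued to personal Microsoft accounts carry the fixed consumer tenant id 9188040d-6c67-4c5b-b112-36a304b66dad in the tid claim. The client id, redirect URI and the sample id_token are constructed placeholders; the token decoder does not verify signatures and is for diagnostics only.

```python
import base64
import hashlib
import json
import secrets
import uuid
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"
# Tenant id Microsoft puts in the tid claim of v2.0 tokens for personal (MSA) accounts.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"
VALID_AUDIENCES = {"common", "consumers", "organizations"}


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(audience, client_id, redirect_uri, scopes, state, code_challenge):
    """Assemble the v2.0 authorize URL; audience is common/consumers/organizations or a tenant GUID."""
    if audience not in VALID_AUDIENCES:
        try:
            uuid.UUID(audience)
        except ValueError:
            raise ValueError(f"unsupported audience segment: {audience!r}")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/{audience}/oauth2/v2.0/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the authorization code, refusing a callback whose state does not match."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [None])[0]
    if not state or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    if "error" in query:
        # e.g. AADSTS90023 is surfaced here as error=... & error_description=...
        raise RuntimeError(f"{query['error'][0]}: {query.get('error_description', [''])[0]}")
    return query["code"][0]


def account_type_from_id_token(id_token):
    """Classify by the tid claim. Decodes WITHOUT signature verification: diagnostics only."""
    payload_b64 = id_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    tid = claims.get("tid")
    if tid == MSA_TENANT_ID:
        return "personal"
    if tid:
        return "work_or_school"
    return "unknown"


def make_unsigned_token(claims):
    """Constructed, unsigned JWT-shaped string for offline testing (not a real token)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}.sig"


if __name__ == "__main__":
    # Placeholder values, not a real app registration.
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    url = build_authorize_url(
        "consumers", "00000000-0000-0000-0000-000000000000", "https://jwt.ms",
        ["https://graph.microsoft.com/.default"], state, challenge,
    )
    print(url)
    code = parse_callback(f"https://jwt.ms/?code=M.R3_BAY.abc&state={state}", state)
    print("code:", code, "(exchange it with code_verifier =", verifier[:8] + "...)")
    print(account_type_from_id_token(make_unsigned_token({"tid": MSA_TENANT_ID})))
```

Store the state and code_verifier server-side per login attempt, and pass the code_verifier to the /oauth2/v2.0/token request when redeeming the code. The tid check belongs after full token validation (signature, issuer, audience, expiry); it is shown here only to make the personal-vs-work distinction from the question visible.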