How to use OAuth with PKCE for outlook.com

  • Question

  • Hi team,

    I am trying to configure an outlook.com account with OAuth. I am able to configure it if I use a client id and client secret. But I want to use PKCE instead of using a client secret. When I use the AppAuth library with PKCE for the same endpoints, it doesn't work. Am I supposed to use some different endpoints for authentication, or is there other configuration required for this?

    I went through this document: 

    https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

    But I see the error below after entering the email address and password in the WebView for authorization:

    "Sign in Sorry, but we’re having trouble signing you in. AADSTS50020: User account ‘bob1bob098@outlook.com’ from identity provider ‘live.com’ does not exist in tenant ‘bob’ and cannot access the application (TestApp) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account."

    After registering the application, I provided "Microsoft Graph" permissions to the app. Do you have any idea on what I am missing here?

    Can you please help?

    Thursday, March 21, 2019 6:16 AM

Answers