"Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website
I'm getting this error after I sign into my Azure website:
AADSTS50194: Application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx' is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.
Answer
If you are an Azure administrator getting this message, it may be for the the exact reason that is listed in the error message - you can not use the common API endpoint to MSFT logins to tenant-specific applications.
In my case, I was configuring an app registration with sample code - the sample code needed to be modified with a new endpoint. I.e the following line:
let kAuthority = "https://login.microsoftonline.com/common"
needed to be changed to:
let kAuthority = "https://login.microsoftonline.com/MY_TENANT_NAME"
The tenant name for your Azure organization can be obtained by typing "Tenant Status" into the Azure search bar.
Xamarin: The above note worked for MSAL iOS - for Xamarin MSAL Android/iOS, there was no direct way to set the authority in the main call. It needs to be chained to the interactive login call.
E.g., the sample code here:
authResult = await App.PCA.AcquireTokenInteractive(App.Scopes)
.WithParentActivityOrWindow(App.ParentWindow)
.ExecuteAsync();
Needs to be changed to this:
authResult = await App.PCA.AcquireTokenInteractive(App.Scopes)
.WithAuthority("https://login.microsoftonline.com/YOUR_TENANT_NAME")
.WithParentActivityOrWindow(App.ParentWindow)
.ExecuteAsync();