Cannot use personal account to log in with MS Entra ID when integrating with Flask.
I am trying to integrate a "Sign in with Microsoft" option into my Flask application via Microsoft Entra ID. I have strictly followed all steps described in these two official MS tutorials:
And I have checked multiple times that the supported account types are "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
The manifest is set up correctly too, with:

```json
"signInAudience": "AzureADandPersonalMicrosoftAccount"
```
For my Flask application, I am using Python's `identity` package, and more specifically `identity.web.Auth`, in the following way:
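```python
import logging

import identity.web
from flask import Blueprint, redirect, session, url_for

# The Blueprint definition is not shown in the post; it is assumed here from
# the "authentication." endpoint prefix used in url_for() below.
authnetication = Blueprint("authentication", __name__)

# Registering the client
microsoft_client_id = "my_client_id_here"
microsoft_client_secret_value = "my_client_secret_here"
authority = "https://login.microsoftonline.com/common"
microsoft = identity.web.Auth(
    session=session,
    authority=authority,
    client_id=microsoft_client_id,
    client_credential={"client_secret": microsoft_client_secret_value}
)


# View function for logging in
@authnetication.route("/auth/microsoft_login", methods=["POST", "GET"])
def microsoft_login_api():
    redirect_uri = url_for('authentication.auth_microsoft_callback', _external=True)
    # log_in() returns a dict; its "auth_uri" entry is the Microsoft sign-in URL
    return redirect(microsoft.log_in(
        scopes=["User.Read"],
        redirect_uri=redirect_uri
    ).get('auth_uri'))


# Handler for the redirect URI registered with the app
@authnetication.route('/auth/microsoft/callback')
def auth_microsoft_callback():
    logging.info("Callback triggered.")
```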
However, whenever I go to the login page and enter my Outlook email, I keep getting the error message "You can't sign in here with a personal account. Use your work or school account instead."
I feel like this is an issue on Microsoft's side, as I have done all steps exactly as described in the official tutorials and it is still not working... Can someone please support with this?
It is worth mentioning that I am using a free trial tenant account currently and also my redirect URI is on localhost ("http://localhost:5101/auth/microsoft/callback").