Is it possible to call Custom Authentication Extension with personal MS accounts?

Sebastiaan Kolster 10 Reputation points
2023-06-22T14:41:59.0833333+00:00

Context:

I've created a full authentication flow for my app which includes Microsoft's new custom authentication extension by following the documentation.
I made a working prototype, after which I realised I also need personal accounts to log in. So I went into the manifest and changed

"accessTokenAcceptedVersion": 2,
"signInAudience": "AzureADandPersonalMicrosoftAccount"

AccessTokenVersionDocumentation

Login still worked for my AzureAd account.

After some more digging I found out here that on the client I had to change the authority value to be "https://login.microsoftonline.com/{TENANT_ID}common"

I can log in with both personal and work accounts, but the custom authentication extension is not called anymore, and the tokens I get don't contain those extra claims.

On the client I am using @azure/msal-react@1.5.4 and @azure/msal-browser@2.37.0

Microsoft Entra ID

1 answer

  1. Shweta Mathur 28,921 Reputation points Microsoft Employee
    2023-07-21T10:19:18.78+00:00

    Hi @Sebastiaan Kolster

    Apologies for the delay in response.

    Access tokens for personal Microsoft accounts can't be decoded due to security reasons. You can only decode the id token using jwt.ms for personal accounts.

    The token you are getting in this scenario is an id token which only contains details about the user.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
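
A client-side check for the symptom discussed in this thread, as an added example that is not part of the original posts and is not Microsoft's code: it reports whether a token string returned by MSAL is a decodable JWT and which expected custom claims it carries. The claim names in `EXPECTED_CLAIMS`, the helper names and the sample tokens are hypothetical and constructed for illustration.

```javascript
// Added example. Reads claims for troubleshooting only; it does not verify
// the signature, so never use its output for an authorization decision.
// Hypothetical claim names: replace with the ones your extension returns.
const EXPECTED_CLAIMS = ["customRole", "correlationTag"];

// Decode one base64url JWT segment into a JSON value.
function base64UrlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Report whether the token is a readable JWT and which expected claims exist.
function inspectToken(token, expectedClaims = EXPECTED_CLAIMS) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) {
    // Opaque tokens (not header.payload.signature) cannot be read client-side.
    return { decodable: false, reason: "not a three-part JWT" };
  }
  let payload;
  try {
    payload = base64UrlToJson(parts[1]);
  } catch (err) {
    return { decodable: false, reason: "payload is not base64url JSON" };
  }
  if (payload === null || typeof payload !== "object") {
    return { decodable: false, reason: "payload is not a JSON object" };
  }
  return {
    decodable: true,
    version: payload.ver ?? null,   // token version claim, e.g. "2.0"
    tenantId: payload.tid ?? null,  // issuing tenant, if present
    present: expectedClaims.filter((c) => c in payload),
    missing: expectedClaims.filter((c) => !(c in payload)),
  };
}

// Build a constructed, unsigned sample token for local testing.
function makeSampleJwt(payload) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.sig`;
}
```

Run `inspectToken` on both the `idToken` and `accessToken` of an MSAL result to see which one, if any, carries the extension's claims.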