I know this question gets asked a lot, but none of the other questions' answers have helped me so far.
I'm trying to use Microsoft OAuth2 in my Web App to access users' Minecraft Account Names / UUIDs.
What I tried so far:
I already created an Azure AD application, but I can't add the required permissions (XboxLive.signin and XboxLive.offline_access) because the permissions in question aren't visible to me in the "Request API permissions" menu in the Azure portal.
According to this thread:
I need to first register my app via the Microsoft Partner Center, but the option "App Management" where I should do that, according to this page:
also isn't visible to me.
According to this thread:
I need to become a CSP tenant and either an indirect provider or a Direct bill partner.
(I don't know what any of that means)
In order to become a CSP tenant, according to this page:
I need to enroll here:
After clicking "Become A Partner", checking the first checkbox that says "partner" and clicking "next", I have to decide whether to sign in with an organization account or an individual account.
Because I am an individual developer, I click the bottom option. After logging in with my account, I am now greeted with the following message and can't click anything:
I don't have a "work account".
- My first question is: is this all really necessary? There are a lot of Minecraft clients/launchers, and they overcame this problem somehow, so I'm asking myself if there is a simpler solution that I overlooked.
This person: https://learn.microsoft.com/en-us/answers/questions/1251517/where-is-the-xboxlive-scope-in-azure-ad-app solved the issue by using the consumers endpoint and adding the required permission in their request, but I’m already doing that. In my case, at first, it looks like it's working: I get redirected to https://login.microsoftonline.com/consumers/, it asks for the Xbox permissions, and after that I get redirected back to my Web App, where I get an "Unauthorized" error when the code returned from Microsoft should be validated. This process works if I remove the "XboxLive.signin" from the redirect URL.
- Second question: if there is no easier way, what can I do to register as a CSP and an indirect provider or a Direct bill partner? Do I need a new Microsoft account? I already set up a pay-as-you-go subscription for this account. Besides that, I am hesitant to change my account because I already applied with my current Azure App for Mojang (Minecraft Developer) API Access and got accepted.
Just in case this matters somehow, I'm using SvelteKit for the Web App, Lucia 2.7.1 for OAuth / sign-in, and this API endpoint: https://login.microsoftonline.com/consumers/oauth2/v2.0/.
This is the Lucia documentation for the Login process I use: