MSAL for Azure AD authentication for multiple users with different client ID and tenant ID

Bavya Bal 20 Reputation points
2024-03-04T14:35:42.2633333+00:00

In our Angular application, which utilizes MSAL for Azure AD authentication, we now require multi-tenancy support with distinct client IDs and tenant IDs for each tenant. We aim to pass the client ID dynamically based on the domain selected during login, enabling multiple users with different client IDs to access the application. However, we have learned from the forum that Angular MSAL doesn't inherently support multiple client IDs. Has anyone encountered a similar use case?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator
    2024-03-05T08:13:50.7366667+00:00

    @Bavya Bal

    Thank you for posting your query on Microsoft Q&A. From the above description I could understand that you are looking for a way to allow users to choose the domain and application ID at the time of login to your multitenant MSAL Angular application.

    Please do correct me if this is not the case by responding in the comments section.

    Following the MSAL Angular Multi-Tenant scenario, I found the Dynamic auth request method.

    By default, the MsalGuard and the MsalInterceptor use the static properties set in the config. Both can also be configured with a method for the authRequest, allowing the parameters used for authentication to be changed dynamically.

    MsalInterceptor - dynamic auth request (multi tenant tokens)

    If organizations or common is used as the tenant, all tokens will be requested for the user's home tenant. However, this may not be the desired outcome. If a user is invited as a guest, the tokens may be from the wrong authority.

    Setting the authRequest in the MsalInterceptorConfig to a method allows you to dynamically change the auth request. For instance, you may set the authority based on the home tenant of the account when using guest users. Properties on authRequest may be changed, but should always extend the originalAuthRequest like below:

    export
    
    
    

    The tenant can also be set dynamically by instantiating a new instance of MSAL in the relevant component, as shown below.

    import
    

    Or, the other way around, you may try:

    In this example, the environment.ts file contains an object called domains that maps each domain to a corresponding client ID. The login method in the LoginComponent retrieves the selected domain and uses it to dynamically set the client ID. The MSAL service is then configured with the selected client ID, and the loginRedirect method is called to initiate the login process.

    But going by the authority: 'https://login.microsoftonline.com/common' endpoint may not meet the requirement, and you may need to have this updated with the method suggested in the auth request in the previous example.

    import
    

    Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik

    1 person found this answer helpful.
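The two techniques the accepted answer describes, a dynamic authRequest function that derives the authority from the signed-in account, and a domain-to-client-ID map that selects the app registration at login, can be exercised without Angular. The following is an added example, not code from the answer or from the MSAL libraries. It declares local interfaces (AccountInfo, AuthRequestLike, MsalConfigLike) that mirror only the fields of the MSAL types the interceptor callback touches, so that it runs stand-alone; the DOMAIN_REGISTRY map, its GUIDs and the domain names are constructed placeholders. Two points a practitioner would want here: the domain map is treated as a server-side allowlist (the client ID is looked up from a trusted table, never accepted from the browser as a free value), and the tenant value is validated before it is interpolated into the authority URL, so an unexpected string cannot redirect token requests to a foreign authority.

```typescript
// Local shapes mirroring the MSAL types the authRequest callback sees
// (assumed from @azure/msal-browser / @azure/msal-angular; declared here instead of imported).
interface AccountInfo {
  homeAccountId: string;
  tenantId: string; // tid claim of the account; the answer's example keys the authority off this
  username: string;
}

interface AuthRequestLike {
  scopes?: string[];
  authority?: string;
  account?: AccountInfo;
}

interface TenantRegistration {
  clientId: string;
  tenantId: string;
}

interface MsalConfigLike {
  auth: { clientId: string; authority: string; redirectUri: string };
}

// Constructed allowlist: sign-in domain -> app registration. Placeholder GUIDs, not real registrations.
const DOMAIN_REGISTRY: Readonly<Record<string, TenantRegistration>> = {
  'contoso.example': {
    clientId: '11111111-1111-1111-1111-111111111111',
    tenantId: '22222222-2222-2222-2222-222222222222',
  },
  'fabrikam.example': {
    clientId: '33333333-3333-3333-3333-333333333333',
    tenantId: '44444444-4444-4444-4444-444444444444',
  },
};

const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const SPECIAL_TENANTS = new Set(['common', 'organizations', 'consumers']);

// Look the domain up in the allowlist. hasOwnProperty avoids matching inherited keys
// such as "constructor" when the domain string comes from user input.
function resolveRegistration(domain: string): TenantRegistration | undefined {
  const key = domain.trim().toLowerCase();
  return Object.prototype.hasOwnProperty.call(DOMAIN_REGISTRY, key) ? DOMAIN_REGISTRY[key] : undefined;
}

// Build the Azure AD authority for a tenant, refusing anything that is not a GUID
// or one of the well-known tenant aliases, so no path or host can be injected.
function buildAuthority(tenant: string): string {
  if (!GUID_RE.test(tenant) && !SPECIAL_TENANTS.has(tenant)) {
    throw new Error(`refusing to build authority for unexpected tenant value: ${tenant}`);
  }
  return `https://login.microsoftonline.com/${tenant}`;
}

// Equivalent of the answer's authRequest method: extend the original request and
// pin the authority to the account's tenant, falling back to "organizations".
function dynamicAuthRequest(original: AuthRequestLike, fallbackTenant = 'organizations'): AuthRequestLike {
  const tenant = original.account?.tenantId ?? fallbackTenant;
  return { ...original, authority: buildAuthority(tenant) };
}

// Equivalent of the answer's LoginComponent approach: pick the client ID for the
// selected domain and produce the auth section of an MSAL Configuration.
function buildMsalConfig(domain: string, redirectUri: string): MsalConfigLike {
  const reg = resolveRegistration(domain);
  if (!reg) {
    throw new Error(`domain is not registered: ${domain}`);
  }
  return { auth: { clientId: reg.clientId, authority: buildAuthority(reg.tenantId), redirectUri } };
}
```

In an Angular app, `dynamicAuthRequest` would be wired in as the `authRequest` property of the `MsalInterceptorConfiguration` returned by your interceptor config factory, and `buildMsalConfig` would feed `new PublicClientApplication(...)` in the component that handles the domain selection; both remain ordinary functions here so they can be unit-tested without a browser.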

0 additional answers
