Cannot use personal account to log in with MS Entra ID when integrating with Flask.

Nikola Tonev 0 Reputation points
2024-09-07T07:42:39.92+00:00

I am trying to integrate "Sign in with Microsoft" option into my Flask application via Microsoft Entra ID. I have followed strictly all steps described in these two official MS tutorials:

https://learn.microsoft.com/en-us/entra/external-id/customers/tutorial-web-app-python-flask-prepare-tenant

https://learn.microsoft.com/en-us/entra/external-id/customers/tutorial-web-app-python-flask-sign-in-sign-out?tabs=windows

And I have checked multiple times that the supported account types are "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".

The manifest is set up correctly too with:


"signInAudience": "AzureADandPersonalMicrosoftAccount"

For my Flask application, I am using Python's identity package and more specifically identity.web.Auth in the following way:


# Registering the client
microsoft_client_id = "my_client_id_here"
microsoft_client_secret_value = "my_clent_secret_here"
authority = "https://login.microsoftonline.com/common"

microsoft = identity.web.Auth(
    session=session,
    authority=authority,
    client_id=microsoft_client_id,
    client_credential={"client_secret": microsoft_client_secret_value}
)

# View function for logging in

@authnetication.route("/auth/microsoft_login", methods=["POST", "GET"])
def microsoft_login_api():
    redirect_uri = url_for('authentication.auth_microsoft_callback', _external=True)
    return redirect(microsoft.log_in(
        scopes=["User.Read"],
        redirect_uri=redirect_uri
    ).get('auth_uri'))


@authnetication.route('/auth/microsoft/callback')
def auth_microsoft_callback():
    logging.info("Callback triggered.")

However, whenever I go to the login page and enter my outlook email, I keep getting the error message "You can't sign in here with a personal account. Use your work or school account instead."

I feel like this is an issue on Microsoft side, as I have done all steps exactly as described in the official tutorials and still it is not working... Can someone please support with this?

It is worth mentioning that I am using a free trial tenant account currently and also my redirect URI is on localhost ("http://localhost:5101/auth/microsoft/callback").

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,874 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,695 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.