unauthorized_client when using organizational directories

Aaron Burton 96 Reputation points

I am trying to create a web app for students at my school. We are a Microsoft school, all students have a Microsoft account associated with their name. I'd like to use that to sign in to my web app. So I've been experimenting with ways to get that sign-in to work, and keep getting stuck.
If I create an Azure Active Directory App registration and select either of the "Accounts in this (or any) organizational directory", I get the following error when I try to log in:
unauthorized_client: The client does not exist or is not enabled for consumers.
If I create the App registration and select "Accounts in any... and personal Microsoft accounts", it tells me my school email does not exist. (Yes, I verified spelling on it, and logged in on live.com just to make sure the account is working fine.) My personal Microsoft account works fine with this setup.
Being as this web app is designed just for the school, ideally I would want "Accounts in this organizational directory" as my option. But I would be happy with the "personal Microsoft accounts" option, if it would recognize my school email. How can I sign in with my school email to my web app?

Using Django 3.0 and social-auth-app-django library with Live.com OAuth2.

Azure Active Directory

1 additional answer

  1. Marilee Turscak-MSFT 24,396 Reputation points Microsoft Employee

    If you are trying to go through Live you need to make sure that Live has tenant access per the application config. Please make sure you have updated the app to support live SDK and multi tenancy: https://account.live.com/developers/applications/index

    Also, please check the app manifest and app config file and ensure that the right tenant is listed in these.
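
An added example, not part of the question or the answer above: a small check of an app manifest's signInAudience against the authorization endpoint the client library sends users to. The function names, the tenant ID and the sample manifests are constructed for illustration. The audience-to-account mapping is an assumption based on the documented signInAudience values.

```python
import json
from urllib.parse import urlparse

# Account types each manifest "signInAudience" value admits.
AUDIENCE = {
    "AzureADMyOrg": {"home_org"},
    "AzureADMultipleOrgs": {"home_org", "other_org"},
    "AzureADandPersonalMicrosoftAccount": {"home_org", "other_org", "personal"},
    "PersonalMicrosoftAccount": {"personal"},
}

def endpoint_accounts(authorize_url, home_tenant):
    """Account types the given authorization endpoint will look up."""
    url = urlparse(authorize_url)
    host = (url.hostname or "").lower()
    if host == "login.live.com":  # consumer-only Live endpoint
        return {"personal"}
    if host != "login.microsoftonline.com":
        raise ValueError("unrecognised authorization host: %r" % host)
    segment = url.path.strip("/").split("/")[0].lower()
    if segment == "consumers":
        return {"personal"}
    if segment == "organizations":
        return {"home_org", "other_org"}
    if segment == "common":
        return {"home_org", "other_org", "personal"}
    # Anything else is a tenant ID or domain: only that directory is searched.
    return {"home_org"} if segment == home_tenant.lower() else {"other_org"}

def diagnose(manifest_json, authorize_url, home_tenant):
    """Return (account types that can sign in, can school accounts sign in?)."""
    audience = json.loads(manifest_json).get("signInAudience")
    if audience not in AUDIENCE:
        raise ValueError("unknown signInAudience: %r" % audience)
    usable = AUDIENCE[audience] & endpoint_accounts(authorize_url, home_tenant)
    return usable, "home_org" in usable

# Constructed sample values (not from the original post).
TENANT = "11111111-2222-3333-4444-555555555555"
LIVE = "https://login.live.com/oauth20_authorize.srf"
TENANT_URL = "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize" % TENANT

if __name__ == "__main__":
    for aud in ("AzureADMyOrg", "AzureADandPersonalMicrosoftAccount"):
        for url in (LIVE, TENANT_URL):
            manifest = json.dumps({"signInAudience": aud})
            print(aud, url, diagnose(manifest, url, TENANT))
```

An empty result set corresponds to an organization-only registration being sent to a consumer endpoint. A result of only "personal" corresponds to a registration that allows personal accounts but is reached through an endpoint that never searches the school directory.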