I am trying to create a web app for students at my school. We are a Microsoft school, all students have a Microsoft account associated with their name. I'd like to use that to sign in to my web app. So I've been experimenting with ways to get that sign-in to work, and keep getting stuck.
If I create an Azure Active Directory App registration and select either of the "Accounts in this (or any) organizational directory", I get the following error when I try to log in:
unauthorized_client: The client does not exist or is not enabled for consumers.
If I create the App registration and select "Accounts in any... and personal Microsoft accounts", it tells me my school email does not exist. (Yes, I verified spelling on it, and logged in on live.com just to make sure the account is working fine.) My personal Microsoft account works fine with this setup.
Being as this web app is designed just for the school, ideally I would want "Accounts in this organizational directory" as my option. But I would be happy with the "personal Microsoft accounts" option, if it would recognize my school email. How can I sign in with my school email to my web app?
Using Django 3.0 and social-auth-app-django library with Live.com OAuth2.