Describe the bug
We are having a serious problem when trying to log in via Azure AD Single-tenant.
We've read many forums and many other issues, and no solution or answer seems to explain how to correctly configure a native Android application, using the MSAL library, to work as it should.
The error says that we are using an incompatible endpoint, but there is no way to force an endpoint in the current configuration of the msal.config file. Our hands are currently tied.
We did all the setup correctly. We chose "Accounts in this organizational directory only - single tenant" in Supported Account Types.
We configured the return URLs using the package name + SHA when adding the Android platform.
We configured msal_config.json as shown:
```json
{
  "client_id": "my-client-id",
  "redirect_uri": "msauth://my-package-name/sha",
  "broker_redirect_uri_registered": true,
  "authorities": [
    {
      "type": "AAD",
      "audience": {
        "type": "AzureADMyOrg",
        "tenant_id": "my-tenant-id"
      }
    }
  ]
}
```
We configured the intent-filter in the Android manifest as shown:
```xml
<activity
    android:name="com.microsoft.identity.client.BrowserTabActivity">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data
            android:scheme="msauth"
            android:host="my-package-name"
            android:path="/sha" />
    </intent-filter>
</activity>
```
Smartphone (please complete the following information):
Device: OnePlus 3T
Android Version: 9
Browser: Chrome and Edge
MSAL Version: 2.+
Stacktrace
Authentication failed: com.microsoft.identity.client.exception.MsalServiceException: AADSTS50194: Application 'my-tenant-id-here'(PORTAL_APPGAMIFICATION) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.
Trace ID: db590646-c5c9-4c06-8af5-d826f4127301
Correlation ID: cafd4040-eb7c-4ebb-ac08-3950048fd58e
Timestamp: 2021-07-12 10:17:58Z
To Reproduce
Steps to reproduce the behavior:
1 - Set up an Azure app with single-tenant
2 - Configure the android platform with your package name and the sha generated with your subscription key
3 - Configure msal.config as indicated above
4 - Try running the app on your mobile
Expected behavior
It was expected that the token would be returned and the login process would complete.
Actual Behavior
The login process runs well halfway through. The app correctly opens the Microsoft login screen and you can fill in the user's email and password, but when you go to log in, this error appears in the Android log:
Application 'my-tenant-id-here'(PORTAL_APPGAMIFICATION) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.
Additional context
We don't want multi-tenant. We don't want any logins that aren't from within our organization's directory. It makes no sense to reconfigure Azure AD to "multi-tenant"; the library should work fine with the single-tenant option.
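A quick consistency check for the two files in this report, added here as an example and not code from the MSAL library or the reporter: it derives the authority that the MSAL Android config reference maps each audience type to (AzureADMyOrg uses the tenant ID; only AzureADandPersonalMicrosoftAccount resolves to /common, the endpoint AADSTS50194 complains about), and confirms that the manifest's msauth data element matches redirect_uri. The sample config and manifest are constructed placeholders modelled on the ones above.

```python
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

ANDROID = "{http://schemas.android.com/apk/res/android}"
REDIRECT_RE = re.compile(r"^msauth://(?P<pkg>[^/]+)/(?P<sig>[^/]+)$")
# Endpoint MSAL derives for each non-tenant audience type; AzureADMyOrg uses tenant_id.
AUDIENCE_PATH = {"AzureADMultipleOrgs": "organizations",
                 "AzureADandPersonalMicrosoftAccount": "common",
                 "PersonalMicrosoftAccount": "consumers"}

def expected_authority(config: dict) -> str:
    """Authority URL the first AAD entry in msal_config.json resolves to."""
    aad = next(a for a in config["authorities"] if a.get("type") == "AAD")
    audience = aad["audience"]
    if audience["type"] == "AzureADMyOrg":
        if not audience.get("tenant_id"):
            raise ValueError("AzureADMyOrg requires tenant_id")
        return f"https://login.microsoftonline.com/{audience['tenant_id']}"
    return f"https://login.microsoftonline.com/{AUDIENCE_PATH[audience['type']]}"

def check_config(config_json: str, manifest_xml: str) -> list:
    """Cross-check redirect_uri, the BrowserTabActivity filter and the authority."""
    findings, config = [], json.loads(config_json)
    m = REDIRECT_RE.match(config.get("redirect_uri", ""))
    if not m:
        return ["redirect_uri must be msauth://<package>/<url-encoded signature hash>"]
    # redirect_uri carries the URL-encoded hash; the manifest path carries it decoded.
    want = (m["pkg"], "/" + unquote(m["sig"]))
    root = ET.fromstring(manifest_xml)
    data = [d for d in root.iter("data") if d.get(ANDROID + "scheme") == "msauth"]
    if not data:
        findings.append('no <data android:scheme="msauth"> entry in the manifest')
    for d in data:
        got = (d.get(ANDROID + "host"), d.get(ANDROID + "path"))
        if got != want:
            findings.append(f"manifest msauth://{got[0]}{got[1]} does not match redirect_uri")
    if expected_authority(config).endswith("/common"):
        findings.append("authority resolves to /common; a single-tenant app fails with AADSTS50194")
    return findings

# Constructed sample input modelled on the issue's files; names and hash are placeholders.
SAMPLE_CONFIG = json.dumps({"client_id": "my-client-id", "broker_redirect_uri_registered": True,
    "redirect_uri": "msauth://my-package-name/abc%2Fxyz%3D",
    "authorities": [{"type": "AAD", "audience": {"type": "AzureADMyOrg", "tenant_id": "my-tenant-id"}}]})
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<activity android:name="com.microsoft.identity.client.BrowserTabActivity"><intent-filter>
<data android:scheme="msauth" android:host="my-package-name" android:path="/abc/xyz=" />
</intent-filter></activity></manifest>"""
```

An empty list from check_config means the files agree and the configured authority is tenant-specific, so a /common error like the one above points at the authority actually used at runtime rather than at msal_config.json.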