
Single tenant - Guest Account login error - Null Token

Open anujabhojani opened this issue 4 years ago • 1 comments

  1. Updated the GraphAuthProvider.cs for supporting single tenant.

     ```csharp
     _app = ConfidentialClientApplicationBuilder.Create(azureOptions.ClientId)
         .WithClientSecret(azureOptions.ClientSecret)
         .WithTenantId(azureOptions.TenantId)
         .WithAuthority(AzureCloudInstance.AzurePublic, AadAuthorityAudience.AzureAdMyOrg)
         .WithRedirectUri(azureOptions.BaseUrl + azureOptions.CallbackPath)
         .Build();
     ```

     Azure App updated for Single Tenant: image

  2. From Azure Portal, Invited the Guest User. image

  3. Tried to log in with the Guest account; the login URL goes into a loop. Debugging shows a null result from `var account = await _app.GetAccountAsync(userId);`

Any help to solve this issue?

anujabhojani, Jun 15 '20 12:06

I was able to repro the issue. The problem is that the guest user's token is cached, but the identifier consists of the guest user's original oid and tenant id. In contrast, when we are getting the account, we are trying to do that with the guest tenant's tenant id and the guest oid of the guest user (users get new oids when they join an external AD). And that's why account is null.

@jmprieur do you have any info about this? How should this case be handled?

mark-szabo, Jul 16 '20 12:07
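
The identifier mismatch described in the comment above, as an added example (not code from the sample repository or from MSAL). It assumes constructed GUIDs, a `Dictionary` standing in for the token cache, and the `uid`/`utid` fields of the `client_info` value that Azure AD returns with a token response. How the app captures `client_info` during sign-in is outside the example.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class GuestAccountIdDemo
{
    // client_info is base64url-encoded JSON: {"uid":"<home oid>","utid":"<home tenant id>"}.
    // The cache identifier for an account is "<uid>.<utid>".
    static string HomeAccountId(string clientInfo)
    {
        string b64 = clientInfo.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        string uid = doc.RootElement.GetProperty("uid").GetString();
        string utid = doc.RootElement.GetProperty("utid").GetString();
        return uid + "." + utid;
    }

    static string ToBase64Url(string text) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(text))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed values: the same person in the home tenant and in the inviting tenant.
        const string homeOid = "11111111-1111-1111-1111-111111111111";
        const string homeTid = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
        const string guestOid = "22222222-2222-2222-2222-222222222222";
        const string resourceTid = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";

        string clientInfo = ToBase64Url(
            JsonSerializer.Serialize(new { uid = homeOid, utid = homeTid }));

        // Stand-in for the token cache: the entry is keyed by the home account id.
        var cache = new Dictionary<string, string>
        {
            [HomeAccountId(clientInfo)] = "cached guest account"
        };

        // Key built from the id token of the inviting tenant (guest oid + that tenant's tid).
        string keyFromIdToken = guestOid + "." + resourceTid;
        // Key built from client_info (home oid + home tid).
        string keyFromClientInfo = HomeAccountId(clientInfo);

        Console.WriteLine("oid.tid lookup hit:  " + cache.ContainsKey(keyFromIdToken));
        Console.WriteLine("uid.utid lookup hit: " + cache.ContainsKey(keyFromClientInfo));
    }
}
```

For a member user of the single tenant, `oid`/`tid` and `uid`/`utid` carry the same values, which is why the mismatch only appears for guest accounts.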

Closing issue as we are archiving this repository.

jasonjoh, Apr 12 '23 13:04