I already tried the following:
- I set the Supported account types: All Microsoft account users
- In the Manifest file I changed:
  "allowPublicClient": true,
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
- I granted admin consent about permissions and consent
I'm following the code I found in the documentation:
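#region Authentication
// Public client (MSAL.NET, namespace Microsoft.Identity.Client) with the multi-organization authority
var authBuilder = PublicClientApplicationBuilder.Create(clientId)
    .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
    .WithRedirectUri(redirectUri)
    .Build();
// ".default" requests the permissions already configured for the resource
var scope = resource + "/.default";
string[] scopes = { scope };
// Opens the interactive sign-in prompt; .Result blocks until it completes
AuthenticationResult token =
    authBuilder.AcquireTokenInteractive(scopes).ExecuteAsync().Result;
#endregion Authentication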
I created an Azure AD Multi-Tenant Application (Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts):
Granted Dynamics CRM API permission:
As a sample, I used the endpoint below to authorize users:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://admin.services.crm.dynamics.com/user_impersonation
&state=12345
And I got the same error while trying to sign in with a personal account:
Note that the Dynamics CRM API is used in a business or enterprise context, where users must have work or school accounts that are associated with an Azure AD tenant.
I tried to sign in with a work account, and it signed in successfully:
I am able to generate an access token successfully using the parameters below via Postman:
https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id:ClientID
grant_type:authorization_code
scope:https://admin.services.crm.dynamics.com/user_impersonation
code:code
redirect_uri:https://jwt.ms
client_secret:ClientSecret
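
The two requests above as an added Python example (not part of the original answer): it builds the authorize URL with a random `state` instead of the fixed `12345`, checks the redirect before using the code, and prepares the token POST. The function names and the `organizations` tenant segment (work or school accounts only, in place of `common`) are assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN = "https://login.microsoftonline.com"
CRM_SCOPE = "https://admin.services.crm.dynamics.com/user_impersonation"


def build_authorize_url(client_id, redirect_uri, tenant="organizations"):
    """Return (url, state). 'organizations' admits work/school accounts only;
    'common' also offers personal accounts, which the page shows failing here."""
    state = secrets.token_urlsafe(32)  # unpredictable, bound to this sign-in
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": CRM_SCOPE,
        "state": state,
    })
    return f"{LOGIN}/{tenant}/oauth2/v2.0/authorize?{query}", state


def read_redirect(redirect_url, expected_state):
    """Return the authorization code from the redirect, or raise."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).query).items()}
    # Check state first so a response from another sign-in is rejected outright.
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this sign-in")
    if "error" in params:
        raise PermissionError(f"{params['error']}: {params.get('error_description', '')}")
    if "code" not in params:
        raise ValueError("redirect carries neither code nor error")
    return params["code"]


def token_request(client_id, client_secret, code, redirect_uri, tenant="organizations"):
    """Return (url, form) for the POST that the answer sends through Postman."""
    form = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "scope": CRM_SCOPE,
        "code": code,
        "redirect_uri": redirect_uri,
        "client_secret": client_secret,  # read from a secret store, not source code
    }
    return f"{LOGIN}/{tenant}/oauth2/v2.0/token", form
```

A failed sign-in comes back on the redirect as `error` and `error_description` parameters, which `read_redirect` raises as `PermissionError` instead of passing an empty code to the token request.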