
How can I force a user to login with a specific Microsoft account?


I have a use case where I want someone to login with their Microsoft account in order to get a token for the Graph API.

For my specific use case I would like the user to be forced to login with one specific account in case they have more than one. Is there a way to force this with the login URL? For now the only thing I found is changing the common in the URL to the tenant GUID; this results in an error "You cannot access this right now" if the user selects an account in another tenant. It would be better if the user can't even choose another one, even one in the same tenant.

https://login.microsoftonline.com/common/oauth2/v2.0/authorize
https://login.microsoftonline.com/{TenantGuid}/oauth2/v2.0/authorize

I'd like to be able to include the user GUID in the URL, or the email like "person@company.com" for example, but I didn't find anything like that being possible. Is this correct?

Also, the prompt I selected for the login screen was &prompt=consent because the user needs to consent to the permissions again, as a requirement on our end.


Solution

  • I found the answer.

    By adding &login_hint=person@company.com I can force the screen to auto select the right account.
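
Added example, not part of the original answer: `login_hint` pre-fills the sign-in page but the user can still switch accounts, so this sketch builds the tenant-specific URL with the hint and then checks the `tid`, `oid` and `nonce` claims of the returned ID token. The GUIDs, redirect URI and function names are constructed for illustration, and the claims are assumed to come from a token whose signature, issuer and audience your JWT library has already validated.

```python
import hmac
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"


def build_authorize_url(tenant_id, client_id, redirect_uri, scopes,
                        login_hint, state, nonce):
    """Authorization-code request against one tenant with the account pre-filled."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),   # "profile" is needed to receive the oid claim
        "state": state,
        "nonce": nonce,
        "prompt": "consent",         # re-consent requirement from the question
        "login_hint": login_hint,    # pre-selects the account; the user can still switch
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{urlencode(params)}"


def account_mismatches(claims, expected_tid, expected_oid, expected_nonce):
    """Names of ID-token claims that do not match the expected account.

    `claims` must come from a token whose signature, issuer and audience
    were already validated. An empty list means the right account signed in.
    """
    bad = []
    for name, expected in (("tid", expected_tid), ("oid", expected_oid)):
        if str(claims.get(name, "")).lower() != expected.lower():  # GUIDs: case-insensitive
            bad.append(name)
    got_nonce = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(got_nonce, expected_nonce.encode()):
        bad.append("nonce")
    return bad


if __name__ == "__main__":
    TENANT = "11111111-1111-1111-1111-111111111111"   # constructed sample values
    USER_OID = "33333333-3333-3333-3333-333333333333"
    print(build_authorize_url(TENANT, "22222222-2222-2222-2222-222222222222",
                              "https://app.example/callback",
                              ["openid", "profile", "User.Read"],
                              "person@company.com", "state-abc", "nonce-xyz"))
    other = {"tid": TENANT, "oid": "44444444-4444-4444-4444-444444444444", "nonce": "nonce-xyz"}
    print(account_mismatches(other, TENANT, USER_OID, "nonce-xyz"))
```

Reject the sign-in and discard the authorization code whenever `account_mismatches` returns a non-empty list.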