azure-active-directoryidentityserver3identityserver4azure-ad-b2cazure-ad-msal

Can MSAL be used with my own authority (e.g. IdentityServer)


I have my own identity authority set up using the Identity Server.

I'm running a native windows application and currently I'm using IdentityModel's OidcClient library to connect on the authority and obtain the token.

I want to add support for Azure AD and since I haven't been able to set-up the application on the Azure AD to use HybridWithProofKey flow, and found this MSAL I've decided to give it a shot.

In MSAL there is a PublicClientApplication class with accepts the string authority in its constructor (source)

When passing my URL in this constructor I imagined it would use the discovery service and found the correct endpoints and to its job. But to my suprise this dont work.

I get following error message:
AADSTS50049: Unknown or invalid instance. Search on github MSAL for AADSTS50049 returned zero results. I've cloned the project and started with debugging.

I've figured out that the request is sent to my authority url but instead there is a GET request on the
GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.0&authorization_endpoint=https%3A%2F%2Fmyidentityserverhostname%2Fidentityserver%2Foauth2%2Fv2.0%2Fauthorize HTTP/1.1

This request is done in this source and it returns the error above.

So, is MSAL intended to use with non azure authorities?


Solution

  • No. It's a proprietary client library for their proprietary backend.