Support for tenanted endpoint in Graph explorer. #568
Currently, to go to a tenant in Graph Explorer, we need to create a local account in the tenant. After this change a tenantId queryString parameter can be passed and then all login requests will go to that tenant.
Sample request: https://developer.microsoft.com/en-us/graph/graph-explorer?tenantId=abc.onmicrosoft.com
If no tenantId is specified, the request goes to the common endpoint. Tested that the redirection is happening correctly.
@agrabhi Can you explain what scenarios this enables? Is it just for enabling logging into a tenant as a guest user?
@darrelmiller - yes. It's a huge pain point for everyone I know inside MSFT. So I would not say 'just' :).
@agrabhi Usually the process is to open an issue to identify the problem and discuss with the team how that feature might be implemented. Using query parameters as a way to expose public features is probably not the ideal solution. We have also been discussing how to address the needs of being able to sign into the B2B tenants and provide access to sovereign clouds. It would be nice to have a single feature that addresses all of these needs. /cc @ddyett @bettirosengugi
Overview
Currently, to go to a tenant in Graph Explorer, we need to create a local account in the tenant. After this change a tenant queryString parameter can be passed and then all idtoken and access token requests will go to that tenant. The tenant parameter can be a GUID or the domain name for the tenant.
Sample request:
https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=abc.onmicrosoft.com
If no tenant is specified, the request goes to the common endpoint.
RedirectUri notes
MSAL.JS documentation says that the default redirect URI is window.location.href, but taking a look at this and this shows that it's not the complete location but only the host part of it.
So I had to modify the change which specifies the redirect URL explicitly, since the auth requests fail because of that. The redirect URI will come from an MSAL-like function now. This change was made by @thewahome in #551.
Test cases
Testing Instructions
If tenant is specified, the user can log in to their desired tenant
https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=abc.onmicrosoft.com
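
One way to handle the tenant parameter and the explicit redirect URI described above, as an added example that is not code from this pull request or from Graph Explorer. The authority host, the helper names, the fallback to common on an invalid value, and the choice of origin plus path for the redirect URI are assumptions; the sample URLs in the comments are constructed.

```javascript
// Added example: resolve the sign-in authority from a `tenant` query parameter.
// AUTHORITY_HOST and all helper names are assumptions, not Graph Explorer code.
const AUTHORITY_HOST = 'https://login.microsoftonline.com';

// A tenant may be a GUID or a domain name; nothing else is accepted.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Domain name: dot-separated labels of letters, digits and hyphens, two labels minimum.
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

function resolveTenant(pageUrl) {
  // searchParams.get() returns the percent-decoded value, or null when absent.
  const value = new URL(pageUrl).searchParams.get('tenant');
  if (value === null || value === '') return 'common';
  // Query-string input is attacker-controlled: only a GUID or a domain name may
  // reach the authority URL, so '/', '@', '?' and '#' can never alter its path.
  if (GUID_RE.test(value) || DOMAIN_RE.test(value)) return value.toLowerCase();
  return 'common';
}

function buildAuthority(pageUrl) {
  return `${AUTHORITY_HOST}/${resolveTenant(pageUrl)}`;
}

// Explicit redirect URI: origin plus path, with query string and fragment dropped,
// so the value sent in the auth request does not change with the tenant parameter.
function buildRedirectUri(pageUrl) {
  const u = new URL(pageUrl);
  return `${u.origin}${u.pathname}`;
}

// Constructed sample input:
//   buildAuthority('https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=abc.onmicrosoft.com')
//   buildRedirectUri('https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=abc.onmicrosoft.com')
```

Because the redirect URI must match a value registered for the application, keeping the tenant parameter out of it means one registered URI covers every tenant.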