Firebase login with Microsoft

Question

I've been working with this feature and it seems its hard for find any article about how to setup Firebase and Microsoft.

I already created my App within Microsoft Azure (single Tenant) and setup the URI of my app. Now when I trigger the login from my app it always send me an error of:

invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Now, I add my tenant_id in my provider, it seems it works but only user who has access to this tenant can continue.

Selected user account does not exist in tenant '------' and cannot access the application '' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

let me know how to use it.

Thanks!

Answer

I think I had the same issue, and I finally figured it out. You need to specify "common" as your tenant, rather than your tenant ID in your firebase call. This sends you to the correct url for the Microsoft Identity provider: https://login.microsoftonline.com/common/oauth2/v2.0 whereas providing my tenant id there requested the personal login against my tenant, which is not what I wanted. Not sure if it will help you, but this solved my issue with Firebase MS Identity, so figured I would share.

const provider = new OAuthProvider("microsoft.com");
provider.setCustomParameters({
  prompt: "login",
  // tenant: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", <-- points to incorrect url
  tenant: "common",
});

Answer

Hello @Randolf Alegre · Thank you for reaching out.

When you register the application as Single Tenant app under Azure AD > App Registration, it requires users to be present in the same tenant. If you try to sign-in using a user account from another tenant, you are expected to get below error:

Selected user account does not exist in tenant '------' and cannot access the application '' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

To allow users from other tenants to sign-in, you need to register Multi-tenant App under App Registration blade of Azure AD. If you still encounter any errors, please share the correlation id that you get along with the error.

Read more:

Get a general understanding of what it means to be a multi-tenant application
Get a general understanding of how to configure an application to be multi-tenant
Get a step-by-step overview of how the Azure AD consent framework is used to implement consent, which is required for multi-tenant applications
For more depth, learn how a multi-tenant application is configured and coded end-to-end, including how to register, use the "common" endpoint, implement "user" and "admin" consent, how to implement more advanced multi-tier scenarios

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer

Hi @AmanpreetSingh-MSFT thanks for your response. Here's what I've done so far:

I registered a new application with multiple-tenant.
I registered a new app
In my Authentication tab I added URI. This redirect URI is provided by Firebase. eg: .firebaseapp.com/__/auth/handler

It seems it works but another problem occurred:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ''.

Answer

Hello guys, I have a question while setting up Azure AD multi tenant and Firebase, mine is already working, but I can't get more info of the users, like job title, any idea on how to do this?

I already asked our client to give us user.Read.all, which I thought would do it, but still on the dark here.

Share via

Firebase login with Microsoft

4 answers

Your answer