[Feature Request] Support checking if an account is a Personal Account or a Work/School Account #4949
Comments
ThaDaVos
added
needs attention
|
You can check IAccount.AccountId.HomeTenantId which will be 98...dad for live.com accounts. We didn't make a nice api for it because we don't see a need. How are personal accounts handled differently than work and school accounts in your app? |
|
The thing my app does - or better said, small library used in a bigger app - is send email - but due the latest change of not allowing SMTP Auth using username and password - I am now setting up XOAUTH2 through a small library - but to send mail, I need to know if it's a business account or personal account - as the endpoint differs, it's smtp.office365.com or smtp-mail.outlook.com. Maybe I am wrong about the above, but that's as far as I know needed. Thanks for the headsup about the HomeTenantId |
|
@bgavrilMS - are you sure that field exists? |
|
Is it possible that it's |
|
Yes, |
|
@ThaDaVos, the pattern suggested by @bgavrilMS is what Entra ID currently recommends for identifying Consumer/MSA accounts. You can find a stack overflow on a similar topic here: https://stackoverflow.com/questions/48515074/how-to-differentiate-microsoft-msa-and-aad-accounts#:~:text=9188040d-6c67-4c5b-b112-36a304b66dad.%20Source:%20Azure%20Active This is the same check cloud services have to do for identifying Consumer accounts based on token claims: "The GUID that indicates that the user is a consumer user from a Microsoft account is 9188040d-6c67-4c5b-b112-36a304b66dad. Your app should use the GUID portion of the claim to restrict the set of tenants that can sign in to the app, if applicable." |
bgavrilMS
added
question
answered
and removed
untriaged
MSAL client type
Public
Problem statement
Currently there seems to be no way to check if an account returned by
IPublicClientApplication.GetAccountsAsync()or any otherIAccountinstance is a Personal or Work/School account. This feature is needed for Applications which allow both to sign in (as does mine). Currently not being able to do this defeats the purpose of the WAM broken, at least in the regard of silently logging in with an existing authenticated account in the users WAM store.Proposed solution
Add a field or method to IAccount which allows you to check if it's a Personal or Work/School account - perhaps a field/property based on a ENUM would suffice - or document how one can check this without getting a token first.
Alternatives
I tried
IAccount.Environmentas I expected that to be different for Personal and Work/School accounts -login.live.comvslogin.microsoftonline.combut in all cases it'slogin.microsoftonline.com.The text was updated successfully, but these errors were encountered: