Azure AD

Over the last few years, OpenID Connect has become one of the most common ways to authenticate users in a web application. But if you want to use it in a desktop application, it can be a little awkward… Authorization code flow OpenID Connect is an authentication layer built on top of OAuth 2.0, which means that you have to use one of the OAuth 2.0 authorization flows. A few years ago, there were basically two possible flows that you could use in a desktop client application to authenticate a user:

Update 2021/09/19: If you’re using the newer Microsoft.Identity.Web library, you don’t have anything to do to handle this, as it’s already handled by the library. This article only applies if you’re using the generic OpenID Connect provider. Thanks to Ohad Schneider for mentioning this! If you use Azure AD authentication and want to allow users from any tenant to connect to your ASP.NET Core application, you need to configure the Azure AD app as multi-tenant, and use a “wildcard” tenant id such as organizations or common in the authority URL: