Hi all, I am trying to set up Microsoft OAuth but ...
# ask-a-descoper
b
Hi all, I am trying to set up Microsoft OAuth but Microsoft user authentication is failing. Are there any configurations I am missing besides the Microsoft Authentication page?
r
Hi @brave-flower-58422, did you configure your own Microsoft app or are you currently using Descope’s? What error are you getting? Can you please share your projectID?
b
We did not set up a Microsoft app and are currently using Descope. The project id is P2S4sM8KKC0gdOu0eBgmT4v0gfvf.
When the user first attempted login, Descope requested and granted access in the OAuth page, but afterwards the login failed.
r
What OAuth action are you running in the flow? SignUp/SignIn/SignUpOrIn?
b
SignIn
r
And how was the user signed up? When was it created and with which identifier?
b
Manually added him to Manage>Users
I only specified his mail
r
I see. So the use case here is merging the MSFT user with the existing user based on the email. To allow this, there is a configuration in the OAuth authentication page of each provider. Specifically in Microsoft, this option was not turned on by default due to the nOAuth vulnerability discovered by Descope and recently addressed by Microsoft as well. You can turn this toggle on, and if the email addresses are already verified by Microsoft, the accounts will merge as expected. If not, there are several options that can be done. Please check that first.
b
Will check this, thank you!
Hi @rapid-doctor-25622, I can't manage to get this to work - The merge accounts is toggled on and still experiencing the same effect, are there any other options I can check?
r
Hi @brave-flower-58422, it means that those emails are not verified in the MSFT account and we cannot merge them with existing ones, especially not with MSFT. As you’ve seen in the nOAuth article, anyone can create an account in MSFT and update their email to your email (but it won’t be verified). In that case, if we allowed merging with unverified emails, they would sign in with their account, be merged into your account, and take it over. If you would like, we can discuss alternatives, but I will need to better understand the use case and how you add new users. DM me when you are available and we can set up a short call.