microsoft-authentication-library-for-android | Microsoft Authentication Library (MSAL) for Android | Azure library

The customization options are limited to Azure AD to brining and some text fields. It allow you to customize the appearance of the sign-in page with your company logo and custom color schemes. Company branding is available only if you upgrade to premium or Basic edition of Azure AD.

Here are the customization options. Learn more here.

You are encountering this because you have not added the key of apk in the Configuration of the Android application.

In the redirect_uri, the part refers to the package name returned by the context.getPackageName() method. This package name is the same as the application_id defined in your build.gradle file.

NOTE: This is the minimum required configuration. MSAL relies on the defaults that ships with the library for all other settings. Refer to the configuration file documentation to understand the library defaults.

In this case. This is the key of signed application. This value cannot be static. You need to provide Microsoft that this application is Authenticating against the real app.

After registering your app in AAD it will prompt a keytool -exportcert -alias SIGNATURE_ALIAS -keystore PATH_TO_KEYSTORE | openssl sha1 -binary | openssl base64. From this command you can generate the signature of the android keystore keys.

The above error is because there is no access token when you were calling the Graph API call. Make sure you pass the header with the HTTP call having access token in Authorization parameter. As suggested by @Dev you can also check in https://jwt.ms and see the access token claims. You can also try the below HTTP call.

https://graph.microsoft.com/v1.0/sites/{siteid}/lists/{listid}/items/{itemid}

in Graph Explorer and you could find the difference.

In the "audience", change the "type" to "AzureADMyOrg" and add "tenant_id" after that like below.

I think it makes sense, it shouldn't be static. you want to microsoft to be able to prove that it is authenticating against your real app and not a modified or different application. this is the signed application for release with apk,

you need to sign your app in order to be able to put it on the play store or to have it validate:https://developer.android.com/studio/publish/app-signing

per the microsoft documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-android#integrate-with-microsoft-authentication-library

it tells you how to generate the hash. in the portal when you set up the authentication on app reg it will give you a command like: keytool -exportcert -alias SIGNATURE_ALIAS -keystore PATH_TO_KEYSTORE | openssl sha1 -binary | openssl base64

to generate the signature it just gets gets the signature of the android keystore keys. Hopefully this helps.

I added these two lines to the AndroidMainfest.xml file based on information provided by the Azure B2C team: