@k4zek4ge
Created September 28, 2023 20:53
Struggled with web authentication for a while and hit several errors; this error was one of them.
My organization does not participate in MPN, and the Microsoft Azure side has changed recently in ways that don't seem to be reflected in current discussion threads; it seems like many options have been rebranded or renamed.
Lots of different errors from Pocketbase across all the different Azure test implementations. Below is what worked for me for a web app implementation:
Start by logging in to the Azure portal and navigating to Azure > Microsoft Entra ID > Home > Default Directory > App Registrations.
Add a new application and fill in as many details as make sense. Navigate to the dashboard for that app.
Configure the app as a Web client (NOT SPA, even if your app is an SPA); the code challenge will fail otherwise.
Use the appropriate Pocketbase redirect URI (as mentioned in the Pocketbase authentication documentation).
From the overview panel in your Microsoft Entra app you can copy/paste your Tenant ID into the auth and token URLs in the Pocketbase admin console (when configuring the Microsoft Authentication form).
From the overview panel in your Microsoft Entra app (in Azure), use the Application (client) ID as the Client ID in the Pocketbase admin console (when configuring the Microsoft Authentication form).
Add a client secret and use the secret value (not the secret ID) in your Pocketbase admin console (when configuring the Microsoft Authentication form).
Under the Token Configuration panel, I added only one row, for email access.
Under API permissions I added: Microsoft Graph > email, offline_access, User.Read, User.ReadAll, openid (likely not all of these are necessary; it may depend on your app).
Under Branding and Properties I also verified my domain, but I am not sure whether this affected the auth flow; it doesn't seem to matter initially.
Under the Owner panel, I added myself as the owner (whoever you logged in as).
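As an added example (not part of the original gist and not Pocketbase or Microsoft code), the following Python script sanity-checks the values the steps above tell you to paste into the Pocketbase Microsoft provider form: it builds the tenant-specific v2.0 authorize/token URLs and flags the common mix-ups, such as pasting the client secret ID (a GUID) instead of the secret value, or leaving the tenant out of the URLs. The Pocketbase callback path `/api/oauth2-redirect` and all GUIDs are assumptions/constructed placeholders.

```python
"""Consistency checks for Entra ID -> Pocketbase OAuth2 provider settings.

Constructed example; every GUID below is a placeholder, not a real tenant or app id.
"""
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)
ENTRA_HOST = "login.microsoftonline.com"
# Assumption: Pocketbase's OAuth2 callback path (verify against the Pocketbase docs for your version).
PB_REDIRECT_PATH = "/api/oauth2-redirect"


def build_endpoints(tenant_id: str) -> dict:
    """Tenant-specific v2.0 authorize/token URLs to paste into the Pocketbase admin console."""
    base = f"https://{ENTRA_HOST}/{tenant_id}/oauth2/v2.0"
    return {"authUrl": f"{base}/authorize", "tokenUrl": f"{base}/token"}


def check_provider_config(tenant_id: str, cfg: dict, redirect_uri: str) -> list:
    """Return a list of findings; an empty list means the settings look consistent."""
    findings = []
    if not GUID_RE.match(tenant_id):
        findings.append("tenant ID is not a GUID")
    if not GUID_RE.match(cfg.get("clientId", "")):
        findings.append("clientId should be the Application (client) ID GUID")
    # The client secret *ID* shown in the portal is also a GUID; the secret *value* is not.
    if GUID_RE.match(cfg.get("clientSecret", "")):
        findings.append("clientSecret looks like the secret ID, not the secret value")
    for key, leaf in (("authUrl", "authorize"), ("tokenUrl", "token")):
        u = urlparse(cfg.get(key, ""))
        parts = u.path.strip("/").split("/")
        if u.scheme != "https" or u.hostname != ENTRA_HOST:
            findings.append(f"{key} must be an https URL on {ENTRA_HOST}")
        elif parts[:3] != [tenant_id, "oauth2", "v2.0"] or parts[-1] != leaf:
            findings.append(f"{key} does not embed tenant {tenant_id} under /oauth2/v2.0/{leaf}")
    r = urlparse(redirect_uri)
    if r.scheme != "https" or r.path != PB_REDIRECT_PATH:
        findings.append(f"redirect URI should be https://<your-pocketbase-host>{PB_REDIRECT_PATH}")
    return findings


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # placeholder tenant ID
    cfg = {"clientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",  # placeholder client ID
           "clientSecret": "99999999-8888-7777-6666-555555555555",  # wrong: this is a secret *ID*
           **build_endpoints(tenant)}
    for f in check_provider_config(tenant, cfg, "https://pb.example.com/api/oauth2-redirect"):
        print("FINDING:", f)
```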