We have an app registered in public Azure portal (with client id & secret) which we have been using for a while. It's set up to use OAuth2 and is multi-tenant and has been successfully used by a number of commercial customers to retrieve Sharepoint data.
Can customers on US Gov tenants also use this app or will we need to set up a new one? I came across a post that suggested this used to work but has been recently tightened up. Perhaps we need to set up a new app for each US Gov tenant / customer? I have not found much about this in the documentation so far, so any links appreciated!
So far we have two US Gov customers who have attempted to complete the OAuth2 flow but each gets a different error:
- AADSTS900441 'Requests to applications hosted in the public cloud are not supported for US Gov tenants'
- AADSTS7000215 'Invalid client secret is provided'
The only thing we have changed so far to support these customers is the auth endpoint (https://login.microsoftonline.com -> https://login.microsoftonline.us). Perhaps there is something else we need to update?
As mentioned by @Steve Michelotti(the guy works at Microsoft on Azure Government), this has been more locked down recently, if your customers need to use Oauth2 flow to login to your app, you need to create a new app for each US Gov tenant.