We added a second custom domain to our AAD tenant and bug rfixed our IDP for the metrolist (IDP) tenant’s particular UX.
We then build a oauth-based application using the metrolist oauth configuration. The screen shots show the app’s login screen, in the windows UI, and a form showing records, after login, for the authenticated user. This app emulates what a metrolist vendor will do, similarly, when building an IOS or Android application.
At the server API supporting the client, the server code shown below indicates that the client provided a authorization token on the api call to GET records – having obtained that token previous from metrolist’s infrastructure using the oauth/openidconnect handshake.
A trace of the embedded browser talking to the AS is show below: