I’m trying to go through an OAuth implicit flow to get an access token from Azure AAD. When I redirect to login.microsoftonline.com I get the following error.
403 Forbidden, domain or scheme is not allowed: login.microsoftonline.com
I have added login.microsoftonline.com to my “Domain allow list”, but that doesn’t appear to do anything. Is there a way around this? Do I have to re-initialize the app somehow so the domain allow list takes hold? It’s unclear from the error where the problem is coming from or how to fix it.
Zoom Apps are (by far) the hardest of the main meeting providers to implement due to your OWASP requirements. Having to whitelist everything is a massive headache and prone to error/omission.