Clarify use of secret in Microsoft Entra authentication docs

[philipnye]

Link to doc page in question (if any): https://docs.streamlit.io/develop/tutorials/authentication/microsoft

Name of the Streamlit feature whose docs need improvement: Authentication using Microsoft Entra

What you think the docs should say: This is a really great tutorial but there's one area where I think people might go wrong if they're not paying attention, which would be worth clarifying.

Under Configure your secrets, step 4, the code snippet includes server_metadata_url = "https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration". This would be clearer as server_metadata_url = "xxx".

The paragraph of text that follows states that server_metadata_url is a string that the user needs to supply, but is easy to miss. The string used in the code snippet only works if people allow access to the app using personal Microsoft accounts ('consumers').

[sfc-gh-dmatthews]

Thanks.

The example was written to use personal Microsoft accounts, which is what that URL is for. Microsoft has well-defined metadata URLs that only differ by what type of accounts you want to accept. That's called out in example 2 of the st.login docs.

I'll try to make that a little clearer in the example. The URL is there to help people know what the format of the URL should be since there are multiple URLs in the Azure admin panel.

[philipnye]

Thanks @sfc-gh-dmatthews I now see a couple of references to 'personal Micosoft accounts' higher up in the tutorial which I'd missed on using it.

I wonder if there's perhaps a point about broadening out the tutorial to cover other account types. Or even switching the focus to be work accounts - I would have thought lots of people are using Streamlit in that context?

Thanks either way!