Azure-Samples / active-directory-b2c-custom-policy-starterpack

Azure AD B2C now allows uploading of a Custom Policy which allows full control and customization of the Identity Experience Framework
http://aka.ms/aadb2ccustom
MIT License

AADB2C90068: The provided application with ID is not valid against this service. Please use an application created via the B2C portal and try again. #72

Open tiago-alves opened 4 years ago

tiago-alves commented 4 years ago

I have configured a custom policy that just performs signin (I have removed any other custom steps I will use, just to make sure the issue is not with the policy).

I have followed all instructions for creating IdentityExperienceFramework and ProxyIdentityExperienceFramework. When I run the user flow, it shows the UI screen, posts the request and does not redirect and does not show any errors. Since I enabled Application Insights, I could see this exception being thrown.

I am sure I configured the apps as B2C apps and not AD apps, which seems to be a common cause for this issue but this is not the case.

The odd thing is that I have another directory with the same custom policy and with exactly the same configurations and it is working. The only difference is that this directory was created a month ago.

Any thoughts on this issue?

astaykov commented 4 years ago

Hi,

These particular application registrations (IdentityExperienceFramework & ProxyIdentityExperienceFramework) must be configured as "Accounts in this organizational directory only", which is the first option when you register an application. This is a tiny little detail that is often overlooked. It is explicitly stated in bold in step 3 of "Register Identity Experience Framework applications" within "Getting started with Identity Experience Framework".

All your customer-facing applications must be registered as B2C applications, but not these two.

yadavvineet commented 4 years ago

I am also facing the same issue; I followed exactly the same steps.

Kressilac commented 3 years ago

I've now followed the instructions three times exactly thinking I did something wrong and each time, I continue to get the same problem in the UserJourneyRecorder when signing in.

Resource owner flow can only be used by applications created through the B2C admin portal. An application of version "V1" was found when searching for version "V2" using application identifier.

I've created both in the portal multiple times. I've updated the login-NonInteractive TechnicalProfile with the correct app ids. I've gone ahead and updated the Local Account SignIn with the v2.0 b2clogin.com URLs for my custom sign in policy and checked that I can hit the .well-known configuration in a browser. Password Reset and SignUp both work as expected. It is just SignIn that fails every time with this error that results in an invalid password error on the UI.
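The comment above mentions filling the app IDs into the login-NonInteractive TechnicalProfile. A small check of that profile follows, as an added example that is not part of this thread or of the starter pack. It assumes the starter pack layout in which the ProxyIdentityExperienceFramework ID appears in `client_id` and the IdentityExperienceFramework ID in `IdTokenAudience` and `resource_id`; the function name, sample XML and GUIDs are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Constructed sample: one placeholder was left unreplaced in resource_id.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="login-NonInteractive">
   <Metadata>
    <Item Key="client_id">11111111-1111-1111-1111-111111111111</Item>
    <Item Key="IdTokenAudience">22222222-2222-2222-2222-222222222222</Item>
   </Metadata>
   <InputClaims>
    <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="11111111-1111-1111-1111-111111111111" />
    <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="IdentityExperienceFrameworkAppId" />
   </InputClaims>
  </TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

def lint_login_noninteractive(policy_xml):
    """Return a list of problems found in the login-NonInteractive profile."""
    root = ET.fromstring(policy_xml)
    tp = root.find(".//tf:TechnicalProfile[@Id='login-NonInteractive']", NS)
    if tp is None:
        return ["login-NonInteractive technical profile not found"]
    meta = {i.get("Key"): (i.text or "").strip()
            for i in tp.findall("tf:Metadata/tf:Item", NS)}
    claims = {c.get("ClaimTypeReferenceId"): (c.get("DefaultValue") or "").strip()
              for c in tp.findall("tf:InputClaims/tf:InputClaim", NS)}
    problems = []
    # Each pair must carry the same application (client) ID in both places.
    for meta_key, claim_key in (("client_id", "client_id"),
                                ("IdTokenAudience", "resource_id")):
        m, c = meta.get(meta_key, ""), claims.get(claim_key, "")
        for label, value in ((f"Metadata {meta_key}", m),
                             (f"InputClaim {claim_key}", c)):
            if not GUID.match(value):
                problems.append(f"{label} is not an app ID GUID: {value!r}")
        if m.lower() != c.lower():
            problems.append(f"Metadata {meta_key} and InputClaim {claim_key} differ")
    # Proxy app (client) and IEF app (audience) are two separate registrations.
    if meta.get("client_id") and meta.get("client_id") == meta.get("IdTokenAudience"):
        problems.append("client_id and IdTokenAudience point at the same app")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_login_noninteractive(SAMPLE)) or "no problems found")
```

An empty result only means the four values are well-formed and consistent; it does not confirm how the two app registrations themselves were created.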

Kressilac commented 3 years ago

I have since reverted everything back to login.microsoftonline.com and passwords are back to working for the Display Control sample pack. There's a bug somewhere in the processing of custom templates when you use the b2clogin.com endpoints along with the v2.0 endpoints. Either that or there is a setting that isn't clear in the custom template because none of the starter packs have been updated to reflect the b2clogin.com change. Even the Recommended stock versions seem to use microsoftonline.com so I am not sure that b2clogin works at all from within a custom template definition.

YohooE commented 3 years ago

I had the same issue. A fix for me was to create the application using the "Applications (Legacy)" blade. You can maintain the App Registration via the "App Registrations" blade.

eskaufel commented 2 years ago

I got this error after changing the value of "signInAudience" in the manifest file to something other than "AzureADandPersonalMicrosoftAccount".

kurtwaldowski-echelon commented 1 year ago

@eskaufel This same error is occurring for me as well, even if I make an App Registration from scratch using a signInAudience other than AzureADandPersonalMicrosoftAccount. Did you ever resolve this issue?