Mystery client ID as Microsoft Account identity provider; where are you and how can I find you?

Grant 1 Reputation point
2021-03-31T19:19:43.777+00:00

Some time ago I set up an application with B2C auth. It's been in use in production for a few years now, and clearly I've forgotten how I initially set it up...

We've started getting 400 cookie too large problems, and as a result, I went to switch it from login.microsoftonline.com to {tenant}.b2clogin.com.

Of course, in order to do that, I have to register that as an acceptable redirect_uri with all of the identity providers.

Which I was able to do for most of the providers, but...

The client ID configured for the Microsoft Account provider does not match the Application ID of any App Registrations in this directory (nor any other I have access to, for that matter). So I can't figure out where it is and how to switch it.
83426-image.png

Mind you, I'm the one who set this up in the first place, and I am Administrator on the tenant, so I don't see how it could be something that I just don't have access to anymore or anything like that...

There are 3 app registrations that exist, one for each environment, none of which are the one providing the Microsoft Account access.
83396-image.png

Each of them had the return URLs for the actual application, which I would expect, and didn't say anything about login.microsoftonline.com. I added the {tenant}.b2clogin.com address just to see if it would resolve my invalid redirect_uri error message, but of course it didn't, because clearly this is the wrong place to be adding it...
83379-image.png

At this point I would just add a new App Registration and switch it over, but I'm nervous to do so because I can't see the configuration of the existing one. And if something goes wrong, I can't switch it back to the mystery Client ID, either, because I don't have the Client Secret.

I'm sure I'm just thinking about something backwards and someone will be able to immediately shed some light on this?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,657 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,606 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Grant 1 Reputation point
    2021-03-31T22:26:49.207+00:00

    I eventually found this in a completely different tenant, which was a big surprise.
    So beware:

    • You might have to separately search each directory you have access to.
    • The search box at the top of the azure portal will not give you any results for an app registration. You have to then skim past the five "No results were found." lines on the screen and click on "Try searching in Azure Active Directory" at the bottom. 83350-image.png
    • Searching by partial guid (i.e. 2c22a7af) doesn't actually give any results. You have to search for the full guid, or it just won't find it.
    • Even when it does find it, you might miss that it found anything because it says "No results." several times down the left hand side and across the top of the two columns, and shows up kind of right where our modern brains tune out advertisements. 🙄 83384-image.png

    Crisis eventually averted.

    0 comments