Grant9294 asked

Mystery client ID as Microsoft Account identity provider; where are you and how can I find you?

Some time ago I set up an application with B2C auth. It's been in use in production for a few years now, and clearly I've forgotten how I initially set it up...

We've started getting 400 cookie too large problems, and as a result, I went to switch it from login.microsoftonline.com to {tenant}.b2clogin.com.

Of course, in order to do that, I have to register that as an acceptable redirect_uri with all of the identity providers.

Which I was able to do for most of the providers, but...

The client ID configured for the Microsoft Account provider does not match the Application ID of any App Registrations in this directory (nor any other I have access to, for that matter). So I can't figure out where it is and how to switch it.

Mind you, I'm the one who set this up in the first place, and I am Administrator on the tenant, so I don't see how it could be something that I just don't have access to anymore or anything like that...

There are 3 app registrations that exist, one for each environment, none of which are the one providing the Microsoft Account access.

Each of them had the return URLs for the actual application, which I would expect, and didn't say anything about login.microsoftonline.com. I added the {tenant}.b2clogin.com address just to see if it would resolve my invalid redirect_uri error message, but of course it didn't, because clearly this is the wrong place to be adding it...

At this point I would just add a new App Registration and switch it over, but I'm nervous to do so because I can't see the configuration of the existing one. And if something goes wrong, I can't switch it back to the mystery Client ID, either, because I don't have the Client Secret.

I'm sure I'm just thinking about something backwards and someone will be able to immediately shed some light on this?



1 Answer

Grant9294 answered

I eventually found this in a completely different tenant, which was a big surprise.
So beware:

  • You might have to separately search each directory you have access to.

  • The search box at the top of the Azure portal will not give you any results for an app registration. You have to then skim past the five "No results were found." lines on the screen and click on "Try searching in Azure Active Directory" at the bottom.

  • Searching by partial GUID (i.e. 2c22a7af) doesn't actually give any results. You have to search for the full GUID, or it just won't find it.

  • Even when it does find it, you might miss that it found anything because it says "No results." several times down the left-hand side and across the top of the two columns, and shows up kind of right where our modern brains tune out advertisements. 🙄


Crisis eventually averted.
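The per-directory search described in this answer can be scripted. The following is an added example, not part of the original post: it lists the directories the signed-in account belongs to and asks Microsoft Graph in each one for an app registration with the given client ID. It assumes the Azure CLI is installed and already signed in with rights to read applications in each directory; the function names are hypothetical.

```python
import json
import re
import subprocess
import urllib.parse
import urllib.request

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ARM_TENANTS = "https://management.azure.com/tenants?api-version=2020-01-01"
GRAPH_APPS = "https://graph.microsoft.com/v1.0/applications"


def az_get_json(url, tenant_id=None):
    """Default fetcher (assumption: Azure CLI is installed and signed in)."""
    resource = "https://" + urllib.parse.urlsplit(url).netloc + "/"
    cmd = ["az", "account", "get-access-token", "--resource", resource,
           "--query", "accessToken", "-o", "tsv"]
    if tenant_id:
        cmd += ["--tenant", tenant_id]
    token = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.strip()
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def app_filter_url(client_id):
    """Partial GUIDs found nothing in the post, so require the full GUID up front."""
    if not GUID_RE.match(client_id):
        raise ValueError("need the full client ID GUID, got %r" % client_id)
    query = {"$filter": "appId eq '%s'" % client_id.lower(), "$select": "appId,displayName,web"}
    return GRAPH_APPS + "?" + urllib.parse.urlencode(query, safe="$',", quote_via=urllib.parse.quote)


def find_app_registration(client_id, get_json=az_get_json):
    """Return (hits, errors) after querying every directory the account can see."""
    url, hits, errors = app_filter_url(client_id), [], {}
    for tenant in get_json(ARM_TENANTS).get("value", []):
        tid = tenant["tenantId"]
        try:
            apps = get_json(url, tid).get("value", [])
        except Exception as exc:  # e.g. sign-in or consent needed: record it, keep going
            errors[tid] = str(exc)
            continue
        for app in apps:
            hits.append({"tenantId": tid, "displayName": app.get("displayName"),
                         "redirectUris": (app.get("web") or {}).get("redirectUris", [])})
    return hits, errors
```

Directories that end up in `errors` were not searched, so they still need a manual check before concluding the registration does not exist.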