MadhuNair-3503 asked:

Unable to get Id Token on B2C portal App registration using Java client

Hello,
I am trying to use the ROPC flow to get back an ID token and authenticate a user against a B2C tenant. I have a basic understanding of Azure. I am following the steps mentioned here:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-user-flow

However, I get the following message back from Azure:
{"error":"unauthorized_client","error_description":"AADB2C90248: Resource owner flow can only be used by applications created through the B2C admin portal.

I have pasted the code snippet I am using. Any insights into why this isn't working will help. Is there something in Azure I need to set?


    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.List;

    import org.apache.http.HttpResponse;
    import org.apache.http.NameValuePair;
    import org.apache.http.client.ClientProtocolException;
    import org.apache.http.client.HttpClient;
    import org.apache.http.client.entity.UrlEncodedFormEntity;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.message.BasicNameValuePair;
    import org.apache.http.util.EntityUtils;

    public class RopcTokenRequest {
        public static void main(String[] args) {
            try {
                HttpClient httpclient = new DefaultHttpClient();
                // Token endpoint of the B2C_1_ROPC_Auth user flow in the B2C tenant
                HttpPost httppost = new HttpPost("https://devgrinnellmutualagents.b2clogin.com/devgrinnellmutualagents.onmicrosoft.com/B2C_1_ROPC_Auth/oauth2/v2.0/token");
                try {
                    // Form fields of the ROPC (grant_type=password) token request
                    List<NameValuePair> nameValuePairs = new ArrayList<>();
                    //nameValuePairs.add(new BasicNameValuePair("username", "6000085170205300gm@dispostable.com"));
                    nameValuePairs.add(new BasicNameValuePair("username", "66000085170205300gm_dispostable.com#EXT#@devgrinnellmutualagents.onmicrosoft.com"));
                    // Test-account credentials as posted; in real code load these from configuration
                    nameValuePairs.add(new BasicNameValuePair("password", "testing123$$gm"));
                    nameValuePairs.add(new BasicNameValuePair("grant_type", "password"));
                    // openid requests an ID token; the app's own client ID as scope requests an access token for it
                    nameValuePairs.add(new BasicNameValuePair("scope", "openid 43872e67-4559-486f-88e3-bde0e6cc61fe"));
                    nameValuePairs.add(new BasicNameValuePair("client_id", "43872e67-4559-486f-88e3-bde0e6cc61fe"));
                    nameValuePairs.add(new BasicNameValuePair("response_type", "token id_token"));
                    httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

                    // Execute HTTP Post Request
                    HttpResponse response = httpclient.execute(httppost);

                    // Print the status line and the JSON body (tokens on success, error/error_description on failure)
                    System.out.println(response.getStatusLine());
                    String json_auth = EntityUtils.toString(response.getEntity());
                    System.out.println(json_auth);
                } catch (ClientProtocolException e) {
                    e.printStackTrace();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    }




1 Answer

amanpreetsingh-msft answered:

Hi @MadhuNair-3503, thank you for reaching out.

The error "AADB2C90248: Resource owner flow can only be used by applications created through the B2C admin portal." occurs when the application that you have registered is configured with an incorrect option.

When you register an application using the Azure AD B2C > App registrations blade, you will get the options below:

  • Accounts in this organizational directory only (AMSIN B2C only - Single tenant)

  • Accounts in any organizational directory (Any Azure AD directory – Multitenant)

  • Accounts in any identity provider or organizational directory (for authenticating users with user flows)

Please register a new app by selecting the third option (Accounts in any identity provider or organizational directory (for authenticating users with user flows)) during app registration, and then update your application code with the client ID of the new app.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


MadhuNair-3503 commented:

Thanks. I don't appear to have that third option in my view. I only have the first two options, and I have selected
Accounts in any organizational directory (Any Azure AD directory - Multitenant).

Is there something that needs to be done in order to select the third option?

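As an added example (my code, not the poster's or Microsoft's), the same ROPC token exchange in Python using only the standard library: it sends the form fields from the Java snippet, reads credentials from environment variables instead of hard-coding them, and maps the AADB2C90248 error discussed in the answer to its remediation. The tenant name, policy name and environment variable names are assumptions.

```python
import json
import os
import re
import urllib.error
import urllib.parse
import urllib.request
# Constructed copy of the error body quoted in the question, used for offline testing.
SAMPLE_ERROR = ('{"error":"unauthorized_client","error_description":"AADB2C90248: Resource owner '
                'flow can only be used by applications created through the B2C admin portal."}')

AADB2C_CODE = re.compile(r"\b(AADB2C\d+)\b")
HINTS = {  # remediation from the answer above, keyed by B2C error code
    "AADB2C90248": "app not registered for user flows: re-register it in the B2C portal with "
                   "'Accounts in any identity provider or organizational directory'",
}

def token_endpoint(tenant: str, policy: str) -> str:
    # Endpoint shape used in the question: <tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token"

def build_ropc_form(client_id: str, username: str, password: str) -> dict:
    # Same form fields as the Java snippet; scope = openid plus the app's own client_id
    return {"grant_type": "password", "client_id": client_id, "username": username,
            "password": password, "scope": f"openid {client_id}", "response_type": "token id_token"}

def classify_token_response(status: int, body: str) -> dict:
    """Reduce a token-endpoint reply to a small dict; never logs the tokens themselves."""
    data = json.loads(body)
    if status == 200 and "id_token" in data:
        # id_token is still an unverified JWT here: validate its signature against the
        # policy's JWKS (and iss/aud/exp) before trusting any claim in it.
        return {"ok": True, "id_token": data["id_token"], "expires_in": int(data.get("expires_in", 0))}
    match = AADB2C_CODE.search(data.get("error_description", ""))
    code = match.group(1) if match else None
    return {"ok": False, "error": data.get("error"), "code": code,
            "hint": HINTS.get(code, "see error_description")}

def request_token(endpoint: str, form: dict, timeout: float = 10.0) -> dict:
    req = urllib.request.Request(endpoint, data=urllib.parse.urlencode(form).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_token_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # B2C answers 400 with a JSON error body
        return classify_token_response(err.code, err.read().decode())

if __name__ == "__main__":
    # Credentials and tenant come from the environment (assumed variable names), not from source code
    form = build_ropc_form(os.environ["B2C_CLIENT_ID"], os.environ["B2C_USERNAME"], os.environ["B2C_PASSWORD"])
    result = request_token(token_endpoint(os.environ["B2C_TENANT"], "B2C_1_ROPC_Auth"), form)
    print("ok" if result["ok"] else f"{result['error']} {result['code']}: {result['hint']}")
```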