CodyRaffensperger-2689 asked · ShwetaMathur commented

Azure AD External Identity Error AADB2C90011

I have configured Google as an external identity provider for my Azure Active Directory tenant. A user flow has been created under External Identities. The user flow includes both Azure AD And Google as Identity Providers and two application registrations have been added to this user flow. One of the application registrations is for my application and another is for an API my application calls.

When I try to log into my application targeting this user flow using the following URL:

https://login.microsoftonline.com/te/[Tenant ID]/[User Flow Name]/oauth2/v2.0/authorize?
client_id=[Main App Client ID]
&scope=openid profile offline_access
&redirect_uri=https://localhost:3000
&client-request-id=2e29e1d0-b463-4d39-b496-a794c86dba13
&response_mode=fragment
&response_type=code
&x-client-SKU=msal.js.browser
&x-client-VER=2.21.0
&x-client-OS=
&x-client-CPU=
&client_info=1
&code_challenge=vFB-JEpdJlpkHbI4CwdvLUg46P4638K6YEXgEwVIcFk
&code_challenge_method=S256&nonce=36ee221e-1663-4c18-8b8f-0fab5525edd6&state=eyJpZCI6IjY5OTk4NWFkLTIzM2YtNGYyNC1hNTk4LWMyNWUzMWE3ZDdiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=

I get the following error:
Sorry, but we're having trouble signing you in.
We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.
Correlation ID: b384ecbb-b60f-4856-94ae-4749fce59438
Timestamp: 2022-02-05 01:42:01Z
AADB2C90011: The client id 'd83ea059-94c7-434b-8f4e-2d9772ebb175' provided in the request does not match client id '4829629c-4ae8-42a5-9def-bd28fbfd6992' registered in policy.

The App Reg Client ID: d83ea059-94c7-434b-8f4e-2d9772ebb175 is my main application Client ID. I cannot find reference to the other Client ID (4829629c-4ae8-42a5-9def-bd28fbfd6992) anywhere in my tenant under App Registrations or Enterprise applications.

If I do a search for this Client ID and/or Azure AD error code (AADB2C90011) on the internet, I get a blog (https://securecloud.blog/2020/06/08/azure-ad-b2x-is-here-yes-b2x-not-b2c-or-b2b-debugging-and-insights/)

It states:
If you have both API and Client as separate app registrations, at least the client needs to be enabled for the sign-in flow. Both need to be enabled if you plan to use the API also as the client for web sign-in.
Correlation ID: ee11e28b-10e5-4073-83c4-eb8622a74051
Timestamp: 2020-06-08 06:41:02Z
AADB2C90011: The client id '1197495f-4fa3-481b-97fb-af2a9dfa6f60' provided in the request does not match client id '4829629c-4ae8-42a5-9def-bd28fbfd6992' registered in policy.

I do not understand why both my error and the one Joosua Santasalo encountered and wrote about in his blog contain the same Client ID, and why this Client ID does not exist anywhere in my tenant. I do have both my API and Application added to this user flow, but at this point it should not matter as I am just trying to log into my application and not yet use my API.

Does anyone know what I might be doing wrong while trying to set up Google as an external identity provider for my application?

azure-ad-app-registration azure-ad-msal
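A small triage helper for this kind of mismatch, added here as an example and not code from the question, the blog, or Microsoft: it parses the authorize request and the AADB2C90011 text, checks the request's client_id against the ids listed as enabled on the user flow (a constructed set here; the tenant id and flow name in the sample URL are placeholders), and verifies the PKCE challenge is well-formed so the request side can be ruled in or out quickly.

```python
import re
from urllib.parse import parse_qs, urlsplit

# AADB2C90011 message as quoted in the question: the first id is the one sent
# in the request, the second is the one the policy (user flow) expects.
_MISMATCH = re.compile(
    r"AADB2C90011: The client id '([0-9a-f-]{36})' provided in the request "
    r"does not match client id '([0-9a-f-]{36})' registered in policy")
_S256 = re.compile(r"^[A-Za-z0-9_-]{43}$")  # base64url(sha256) without padding

def parse_mismatch(error_text):
    """Return (requested_id, policy_id) from an AADB2C90011 message, else None."""
    m = _MISMATCH.search(error_text)
    return (m.group(1), m.group(2)) if m else None

def parse_authorize(url):
    """Pull the parameters relevant to this error out of an authorize URL."""
    q = parse_qs(urlsplit(url).query)
    return {k: q.get(k, [""])[0] for k in ("client_id", "redirect_uri",
            "response_type", "code_challenge", "code_challenge_method")}

def triage(url, error_text, flow_app_ids):
    """Compare request, error and the client ids enabled on the user flow.
    flow_app_ids: ids shown under the flow's Applications blade (constructed here)."""
    ids = parse_mismatch(error_text)
    if ids is None:
        return ["not an AADB2C90011 client id mismatch"]
    requested, expected = ids
    req = parse_authorize(url)
    findings = []
    if req["client_id"] != requested:
        findings.append("URL client_id differs from the id in the error")
    if requested not in flow_app_ids:
        findings.append(f"requesting app {requested} is not enabled on the user flow")
    if expected not in flow_app_ids:
        findings.append(f"policy expects {expected}, which is not among the apps enabled on the flow")
    if req["code_challenge_method"] == "S256" and not _S256.match(req["code_challenge"]):
        findings.append("code_challenge is not a well-formed S256 value")
    return findings

# Constructed sample input: the request and error from the question, with the
# tenant id and user flow name replaced by placeholders.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/te/TENANT_ID/FLOW_NAME/oauth2/v2.0/authorize?"
    "client_id=d83ea059-94c7-434b-8f4e-2d9772ebb175&scope=openid%20profile%20offline_access"
    "&redirect_uri=https://localhost:3000&response_type=code"
    "&code_challenge=vFB-JEpdJlpkHbI4CwdvLUg46P4638K6YEXgEwVIcFk&code_challenge_method=S256")
ERROR_TEXT = ("AADB2C90011: The client id 'd83ea059-94c7-434b-8f4e-2d9772ebb175' provided in the "
              "request does not match client id '4829629c-4ae8-42a5-9def-bd28fbfd6992' registered in policy.")

if __name__ == "__main__":
    for line in triage(AUTHORIZE_URL, ERROR_TEXT, {"d83ea059-94c7-434b-8f4e-2d9772ebb175"}):
        print(line)
```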

We are working on this internally. Will update


0 Answers