question

RohitKarmarkar-4073 avatar image
0 Votes"
RohitKarmarkar-4073 asked amanpreetsingh-msft edited

Azure B2C : Getting error while switching from Sign_up policy to Sign_In_Policy (Error Code: AADB2C90088)

Hi All,

In our application when User is redirected to Sign Up page (https://signin.***.com/***.onmicrosoft.com/{sign_up_policy_name}/), user has choice to Sign In if he already is a Sign User, for this we have a hyperlink with following url pattern : (https://signin.***.com/***.onmicrosoft.com/{sign_in_policy_name}/). When user clicks from on this links he is redirected to sign in page. But user is not able to sign in properly and we are getting following error with error code:


com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : {sign_up_policy_name} and Expected Value : {sign_in_policy_name}

Could you please help and give guidance on how to resolve the issue. Can we switch from https://signin.***.com/***.onmicrosoft.com/{sign_up_policy_name}/ url to https://signin.***.com/***.onmicrosoft.com/{sign_in_policy_name}/ url?

azure-ad-b2cazure-ad-msal
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered amanpreetsingh-msft edited

Hi @RohitKarmarkar-4073 • Thank you for reaching out.

Looks like it is trying to do a silent authentication in the context of the sign-up policy. The hyperlink that you have for the sign-in policy must invoke MSAL to trigger a new request to invoke the sign-in policy. You can include the prompt=login parameter in the URL of the sign-in policy to force interactive authentication.

I tested it out by creating a custom HTML page for the Sign-Up policy which includes a link to go back to the Sign-in policy and it works without any issue.

https://amsinstor.blob.core.windows.net/temp/unified.html (View page source: )

See this in action:

  1. Access the SignUp policy > Click here

  2. Sign up for a new account.

  3. Access the SignUp policy again.

  4. On the signup page, click on the Back to sign-in! link.

  5. Sign in with the credentials you used to signup.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @amanpreetsingh-msft,


I am only able to access this page: https://amsinstor.blob.core.windows.net/temp/unified.html
Could you please share url of custom/test page from where we can signin.

Could you please also let me know if it is a good practice to switching the policies dynamically for example sign_up to sign_in or sign_in to sign_up. Should we redirect users back to our application and then re-initiate the request, rather than dynamically switching policy.


0 Votes 0 ·

@RohitKarmarkar-4073 • I have updated the link in step 1 of my answer above. It is recommended to reinitiate the request, dynamically switching policy may lead to unexpected behavior or HTTP 400 - bad request.

0 Votes 0 ·

@RohitKarmarkar-4073 • Just checking if this answers your question. Feel free to tag me in your reply if you have any questions.

0 Votes 0 ·