CrystalCary-4669 asked

OOB OAuth getting stuck between email and password

We're working on getting OOB authentication set up to authenticate using Azure AD. When we use urn:ietf:wg:oauth:2.0:oob (but not a normal URL), it allows us to enter the email, but then hangs with the wait dots going across the top. It never arrives at where you can enter the password.
I enabled debug mode and have the following IDs:
Request Id: 0c5a4000-24f7-4286-9aa0-8492e504ef00
Correlation Id: e9dc363f-2537-42e3-84e9-df8490374c30
Timestamp: 2020-02-12T16:49:38.759Z
The URL I start at is (Client ID redacted): https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=Mail.Send+User.Read&state=state


What documentation are you trying to follow? What OOB Auth are you referring to?

In addition to that, what is the AADSTS error that you're receiving? If you cannot find it, please use Fiddler and capture the response traffic from the 400 error that is being thrown back to you.


Hello @CrystalCary-4669

I'm following up on this issue, can you please respond in regards to the comment above? Thanks


1 Answer

ShashiShailaj-MSFT answered

Hello @CrystalCary-4669 ,

I am not sure where your app is registered and whether it is a B2C tenant scenario, but in a B2C scenario this would happen if the tenantId parameter is not passed within the request. Since tenantId is not passed, the B2C sign-in policy objects could not be fetched from the policy cache in the backend, and the silent sign-in request that is made by the application goes into a loop and eventually errors out. You would need to check the request generated within the application. This can be collected to understand more about what request was initiated if this is a web app. In the case of a non-web app, you may have to set up breakpoints within the app and capture the HTTP request and response to analyze it. You can try to troubleshoot it using Fiddler/FiddlerCap. I would suggest you use FiddlerCap to collect an HTTP trace on the machine where the request originates. The following is the step-by-step guide from the original FiddlerCap page.

Step-by-step guide


  • Download Telerik FiddlerCap

  • Close all instances of Internet Explorer.

  • Run the FiddlerCapSetup.exe file.

  • FiddlerCap will start automatically when the installer completes.

  • Unless your debugging buddy has asked you to skip this step: inside FiddlerCap, click the Clear Cookies button and then the Clear Cache button.

  • Inside FiddlerCap, click the 1. Start Capture button.

  • A new Internet Explorer window will appear. Use Internet Explorer's address bar to go to whatever site you need and reproduce the problem.

  • To add a screenshot to your capture, press the Screenshot button inside FiddlerCap. To add a comment, click the Flag button.

  • Inside FiddlerCap, click the 2. Stop Capture button.

  • Click the 3. Save Capture button. Save the .SAZ file to your desktop.

  • Email the .SAZ file from your desktop to your debugging buddy.

You can download the full version of Fiddler from https://www.telerik.com/fiddler. Within the Fiddler trace you should be able to see the details of the request body and the corresponding response. You can also replay the request, adding the TenantId parameter, and that should give you more insights. In case you are still unable to get this fixed, please open a ticket with Microsoft. If you have any trouble opening a support ticket, please send us an email at azcommunity[at]microsoft[dot]com and we will help you further.

Hope this helps. In case the information provided in this post is helpful, please do accept it as the answer so that this can be helpful to other community members searching for similar queries.

Thank you.

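Before replaying a captured authorize request or pasting it into a thread, it helps to see which parameters actually went out and to mask the values that should not be shared. The following is an added example, not part of the original answer or any Microsoft code: it treats the parameters in the question's URL as the expected set, looks for the `tenantId` parameter the answer mentions, and uses a constructed placeholder client ID; the `SENSITIVE` list is an assumption.

```python
from urllib.parse import urlsplit, parse_qs, urlencode, urlunsplit

# Constructed sample: the URL from the question, with a made-up placeholder
# client_id in place of the redacted one.
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob"
    "&response_type=code&scope=Mail.Send+User.Read&state=state"
)

# Parameters that appear in the question's URL; treated here as the expected set.
EXPECTED = ("client_id", "redirect_uri", "response_type", "scope", "state")
# Values to mask before a URL is posted or attached to a ticket (assumption).
SENSITIVE = ("client_id", "state", "code", "login_hint")
OOB_URN = "urn:ietf:wg:oauth:2.0:oob"


def inspect_authorize_url(url):
    """Summarise what an authorize request actually carried."""
    parts = urlsplit(url)
    # keep_blank_values so an empty "client_id=" is reported as empty, not absent
    query = parse_qs(parts.query, keep_blank_values=True)
    segments = [s for s in parts.path.split("/") if s]
    return {
        "host": parts.hostname,
        "tenant_segment": segments[0] if segments else None,
        "has_tenantId_param": "tenantId" in query,
        "missing": [p for p in EXPECTED if p not in query],
        "empty": [p for p in EXPECTED if p in query and not query[p][0].strip()],
        "duplicated": [p for p, v in query.items() if len(v) > 1],
        "unexpected": sorted(set(query) - set(EXPECTED) - {"tenantId"}),
        "oob_redirect": query.get("redirect_uri", [""])[0] == OOB_URN,
        "scopes": query.get("scope", [""])[0].split(),
    }


def redact(url):
    """Return the same URL with non-empty sensitive values masked."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    masked = {k: ["REDACTED"] if k in SENSITIVE and v[0] else v for k, v in query.items()}
    return urlunsplit(parts._replace(query=urlencode(masked, doseq=True)))


if __name__ == "__main__":
    for key, value in inspect_authorize_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
    print(redact(SAMPLE_URL))
```

The same check can be run on each authorize request copied out of a Fiddler trace; a parameter listed under `missing` or `empty` is the first thing to compare against what the application was meant to send.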