MSAL error AADB2C90146

anastasia 21 Reputation points
2022-04-27T10:52:30.687+00:00

I have a hosted Blazor WebAssembly app secured with Azure AD B2C. I need to call GraphAPI from my app to get some custom user information. I used this article to set up the service, but it doesn't work. I get an error message when I try to access pages that need authentication or log in:

[Screenshot: 196919-image.png]

The message is kind of self-explanatory, but I don't understand how I should do it.

Here I set AddMsalAuthentication:

builder.Services.AddMsalAuthentication(options =>  
{  
    builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);  
    options.ProviderOptions.DefaultAccessTokenScopes.Add(  
        "https://xxx.onmicrosoft.com/xxxxxxx-a5f50ab3378d/API.Access");  
  
    options.ProviderOptions.LoginMode = "redirect";  
});  

and Microsoft Graph:

builder.Services.AddGraphClient("https://graph.microsoft.com/User.Read");  

Answer accepted by question author
  1. CarlZhao-MSFT 46,406 Reputation points
    2022-04-28T03:08:26.07+00:00

    Hi @anastasia

    The error is a scope conflict: https://xxx.onmicrosoft.com/xxxxxxx-a5f50ab3378d/API.Access is your custom web API, not the Graph API. You cannot request tokens for two different types of API; please change it to the Graph API.

     builder.Services.AddMsalAuthentication(options =>  
     {  
         builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);  
         options.ProviderOptions.DefaultAccessTokenScopes.Add(  
             "https://graph.microsoft.com/User.Read");  
          
         options.ProviderOptions.LoginMode = "redirect";  
     });  
    

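As an added example (not code from the question, the answer, or MSAL), this helper groups a scope list by the API each scope belongs to, so a configuration that mixes the custom web API with Microsoft Graph is caught before sign-in. `ScopeAudit` and its methods are hypothetical names, and splitting each scope at its last `/` to find the resource is an assumption about the scope format.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class ScopeAudit
{
    // OpenID Connect scopes describe the sign-in itself, not an API, so they name no resource.
    private static readonly HashSet<string> OidcScopes = new(StringComparer.OrdinalIgnoreCase)
        { "openid", "profile", "email", "offline_access" };

    // Assumption: a scope has the form "<resource identifier>/<permission>",
    // so the resource is everything before the last '/'.
    public static string ResourceOf(string scope)
    {
        int cut = scope.LastIndexOf('/');
        return cut > 0 ? scope[..cut] : "(unqualified)";
    }

    // Resource -> scopes requested for it, ignoring the OIDC scopes.
    public static Dictionary<string, List<string>> GroupByResource(IEnumerable<string> scopes) =>
        scopes.Select(s => s.Trim())
              .Where(s => s.Length > 0 && !OidcScopes.Contains(s))
              .GroupBy(ResourceOf)
              .ToDictionary(g => g.Key, g => g.ToList());

    // True when the list asks for permissions on more than one API.
    public static bool MixesResources(IEnumerable<string> scopes) =>
        GroupByResource(scopes).Count > 1;

    public static void Main()
    {
        // The two scopes configured in the question: the custom API and Microsoft Graph.
        var requested = new[]
        {
            "openid",
            "https://xxx.onmicrosoft.com/xxxxxxx-a5f50ab3378d/API.Access",
            "https://graph.microsoft.com/User.Read",
        };

        foreach (var (resource, list) in GroupByResource(requested))
            Console.WriteLine($"{resource}: {string.Join(", ", list)}");

        Console.WriteLine(MixesResources(requested)
            ? "Conflict: scopes for more than one resource in a single request."
            : "OK: all scopes target one resource.");
    }
}
```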

