Share via

Error When Switching User Flow from User Sign-In to Vendor Sign-Up in Azure AD B2C

Movin D 0 Reputation points
2025-01-03T06:37:47.97+00:00

Hi Azure Team,

I have implemented two separate user flows in Azure AD B2C for my application:

  1. User Sign-In (User Login Flow)
  2. Vendor Sign-Up (Vendor Registration Flow)

When a user is already logged in through the User Sign-In flow and attempts to transition to the Vendor Sign-Up flow (by clicking on a button to initiate the vendor registration), the following error occurs:

Error Message:
Sorry, but we're having trouble signing you in. We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.

Correlation ID: 1324e152-c614-4f48-9e30-c8675e394759

Timestamp: 2025-01-03 06:15:39Z

AADB2C: An exception has occurred.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
968 questions
Windows for business Windows Client for IT Pros Directory services Active Directory
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Zafer KAYA 90 Reputation points MVP
    2025-01-07T11:18:21.29+00:00

    Session Conflict

    When switching between user flows, Azure AD B2C may retain session information from the previous flow, leading to conflicts.

    Solution: Clear Session or Use Prompt Parameter

    Add the prompt=login query parameter to the Vendor Sign-Up flow URL. This forces a new sign-in and ignores the previous session.

    https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<sign-up-policy>/oauth2/v2.0/authorize?prompt=login

    If the claims returned by the two flows are different (e.g., different required attributes or custom claims), the switch might fail.

    Solution: Align Claims Between Flows

    • Ensure both user flows are configured to handle overlapping claims.
    • If your Vendor Sign-Up flow expects specific attributes, validate that these are handled properly in your application.
    • Use custom policies if you need to define advanced claim transformations
    • Token Scope or Audience Mismatch The application may fail to validate the token from the new flow if the scopes or audience (App ID URI) differ. Solution: Match App Registration
      • Verify that both flows are linked to the same application registration in Azure AD.
      • Ensure the API permissions (scopes) for the application registration allow access to the same resources.
      • Check the reply URLs in the application registration to ensure they match the flow redirection URLs.
      • Missing or Incorrect Redirect URI If the redirect URI for the Vendor Sign-Up flow is not configured correctly in Azure AD, the flow will fail. Solution: Update Redirect URI
        • In Azure Portal, go to Azure AD B2C > App registrations > Your App > Redirect URIs.
    • Best Practices for Switching User Flows

    Enable Single Sign-On (SSO):

      - If appropriate, use SSO across flows to reduce authentication friction.
  
        - Configure this in **Azure AD B2C > Identity Experience Framework > SSO Settings**.
        
        **Use Custom Policies for Seamless Transitions:**
        
              - Custom policies allow you to merge multiple flows or define behavior when transitioning between them.
              
                    - Example: Use a single custom policy to handle both sign-in and vendor registration dynamically.

    Ensure Application Logic Handles State Changes:

      - Your application should handle user state changes (e.g., from signed-in user to vendor) gracefully.
    0 comments
  2. Navya 19,795 Reputation points Microsoft External Staff Moderator
    2025-01-08T12:20:49.0733333+00:00

    Hi @Movin D

    Thank you for posting this in Microsoft Q&A.

    I understand that you are facing an issue with Azure AD B2C. Based on the error message you provided, it seems like there is an issue with the sign-in process.

    As mentioned in the document https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/b2c/error-sign-into-app it may be caused by the client ID missing or being incorrect in the Web.config file for the app.

    To fix this issue, please follow these steps:

    1. Open the Web.config file for the app.
    2. In the Web.config file, find the app key ida:ClientId.
    3. Replace the value of the app key with the client ID that is provided for your app in the Azure AD B2C admin portal.
    <appSettings>
<add key="ida:ClientId" value="**xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx**">
</appSettings>

    If you are still encountering issues, could you please provide more information about the configuration of your user flows? Specifically, are the user flows using the same identity providers? Also, please let me know how you registered your application.

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.