Microsoft.IdentityModel does not support a B2C issuer with `tfp` in the uri

Borsoi Emanuel 296 Reputation points

I am trying to run the WebApp B2C sample:

When I try to login, I get the following error:

IDX40002: Microsoft.IdentityModel does not support a B2C issuer with 'tfp' in the URI. See for details.

If I edit the Instance to I get:

AADSTS50011: The redirect URI '' specified in the request does not match the redirect URIs configured for the application 'c24b0337-0bd9-45ee-8376-xxxxxxxxx'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to to learn more about how to fix this.

Obviously adding this url, it does not work either.

As you can read here, other people run the sample without problems, the difference might be a more complex custom policy and the fact that we are using a custom Publisher domain

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,722 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Borsoi Emanuel 296 Reputation points

    After a long research I found this article/sample, where the Microsoft.Identity.UI framework is replaced with the Microsoft.AspNetCore.Authentication.AzureADB2C.UI.
    However, with the url I still get the same error, using the custom domain it works, that's enough for me.

    0 comments No comments

  2. Marilee Turscak-MSFT 35,806 Reputation points Microsoft Employee

    Hi @Borsoi Emanuel ,

    Thank you for sharing your solution of switching to the Microsoft.AspNetCore.Authentication.AzureADB2C.UI. This will surely help other customers who might be facing this issue. One note is that if you receive the reply URL when using the b2clogin but not when using the custom domain, it means that your redirect url in the application must have been configured to map to your custom domain.

    So the same URL needs to be configured in your application references such as the app settings and web.config, and these references need to match the app registration redirect URL in the portal. The tenant ID and application ID also need to match.

    Note also the reply url restrictions for user flows documented here.


    If the information helped you, please Accept the answer. This will help us and other community members as well.

    0 comments No comments