Profile 'login-NonInteractive' in policy 'B2C_1A_signup_signin' in tenant 'tenant.onmicrosoft.com' does not contain the required cryptographic key 'client_secret'.

Jairo Ortiz 25 Reputation points
2023-07-21T17:41:05.5166667+00:00

Hello team,

I am trying to set up Local account sign-in using B2C but I keep getting this error. Signup works without a problem and returns an access_token once a user completes the flow, but using the same credentials to log in fails. I have tried using a default sign-in user flow and it works with the same credentials. What am I missing? Or what am I supposed to use for the client_secret?

Error:
Profile 'login-NonInteractive' in policy 'B2C_1A_signup_signin' in tenant 'tenant.onmicrosoft.com' does not contain the required cryptographic key 'client_secret'.

I had configured IdentityExperienceFramework and ProxyIdentityExperienceFramework as explained here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#register-identity-experience-framework-applications and configured the ClientID (AppID) of these applications under the login-NonInteractive technical profile within the TrustFrameworkExtension.xml file.

I have also made sure to add signing and encryption keys as mentioned here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#add-signing-and-encryption-keys

If I add:


the error does not appear but when logging in nothing happens:

User's image

What value should I put in the policy key B2C_1A_IdentityServerSecret? I can't find information about it.

Thank you


Accepted answer
  1. Shweta Mathur 30,301 Reputation points Microsoft Employee
    2023-07-24T08:25:21.0133333+00:00

    Hi @Jairo Ortiz ,

    Thanks for reaching out.

    Are you using the startup pack https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#get-the-starter-pack provided by Azure AD B2C?

    Make sure, in the B2C tenant, you provide the API permission to ProxyIdentityExperienceFramework app. If this permission is not added, sign-up works but sign-in fails.

    Also, double check if ProxyIdentityExperienceFrameworkAppId and IdentityExperienceFrameworkAppId are added to the login-NonInteractive technical profile, as mentioned and not vice versa by mistake.

    Adding signing and encryption key would help in issuing the token.

    Make sure you add both the keys as described in the document in the policy keys

    User's image

    which are used in the base file of the startup pack in multiple technical profiles (JWT issuer, AAD-common) which are called during the user journey to get the token.

    In case the above does not work for you, please send us an email on azcommunity [at] microsoft [dot] com referencing this issue with a subject line "ATTN:shweta" to help you further.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.
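
The answer's check that the two app IDs sit in the right slots of login-NonInteractive (and are not swapped) can be automated. The Python sketch below is an added example, not part of the original thread or the starter pack; the function name, the sample GUIDs and the trimmed sample policy are constructed, and the expected slots are assumed to follow the starter pack's layout for this profile.

```python
import re
import xml.etree.ElementTree as ET

# XML namespace used by Azure AD B2C TrustFrameworkPolicy files.
NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_login_noninteractive(policy_xml, proxy_app_id, ief_app_id):
    """Return findings (empty list = OK) for the login-NonInteractive profile."""
    root = ET.fromstring(policy_xml)
    tp = root.find(".//tf:TechnicalProfile[@Id='login-NonInteractive']", NS)
    if tp is None:
        return ["login-NonInteractive technical profile not found"]
    meta = {i.get("Key"): (i.text or "").strip()
            for i in tp.findall("tf:Metadata/tf:Item", NS)}
    claims = {c.get("ClaimTypeReferenceId"): c.get("DefaultValue", "")
              for c in tp.findall("tf:InputClaims/tf:InputClaim", NS)}
    # Assumed layout (starter pack): Proxy app is the client, IEF app the audience.
    expected = [
        ("Metadata client_id", meta.get("client_id"), proxy_app_id),
        ("Metadata IdTokenAudience", meta.get("IdTokenAudience"), ief_app_id),
        ("InputClaim client_id", claims.get("client_id"), proxy_app_id),
        ("InputClaim resource_id", claims.get("resource_id"), ief_app_id),
    ]
    known = {proxy_app_id.lower(), ief_app_id.lower()}
    findings = []
    for name, actual, want in expected:
        if not actual:
            findings.append(f"{name}: missing")
        elif not GUID.match(actual):
            findings.append(f"{name}: placeholder not replaced ({actual})")
        elif actual.lower() != want.lower():
            why = "swapped" if actual.lower() in known else "unknown app ID"
            findings.append(f"{name}: {why}")
    return findings

# Constructed sample: IDs swapped in Metadata, resource_id still a placeholder.
PROXY, IEF = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
SAMPLE = f"""<TrustFrameworkPolicy xmlns="{NS['tf']}"><ClaimsProviders><ClaimsProvider><TechnicalProfiles>
<TechnicalProfile Id="login-NonInteractive">
 <Metadata>
  <Item Key="client_id">{IEF}</Item>
  <Item Key="IdTokenAudience">{PROXY}</Item>
 </Metadata>
 <InputClaims>
  <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="{PROXY}" />
  <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="IdentityExperienceFrameworkAppId" />
 </InputClaims>
</TechnicalProfile></TechnicalProfiles></ClaimsProvider></ClaimsProviders></TrustFrameworkPolicy>"""
print(check_login_noninteractive(SAMPLE, PROXY, IEF))
```

Run it against the extension policy file with the application (client) IDs of the two app registrations; an empty list means all four slots hold the expected ID.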

