I want to perform an outlook login, so that I can get calendar events. should I register the application as ad b2c or any suggestions regarding it. I have also tried doing it by registering the application but I have some issues regarding the tokens.

vegeta psych 0 Reputation points

I have registered my application in both ad b2c and as a normal application. after trying to login through Outlook, I am only receiving an access token but no refresh token; even though I have included offline_access in my scope. I received the error: OutlookAPIError: ErrorCode: 'PP_E_RPS_CERT_NOT_FOUND'. Message: ' Internal error: spRPSTicket->ProcessToken failed. Failed to call CRPSDataCryptImpl::UnpackData: Internal error: Failed to decrypt data. : Failed to get session key. RecipientId=293577. spCache->GetCacheItem returns error.:Cert Name: (null). SKI: 00ec83bf497a3dc095bbcf649b3bea6669160019...'. While trying to login through my normal account(not as ad b2c), I am receiving the refresh token as well, but I am unable to use the token to get a new access token. I did give all the API permissions, set the identity provider for Microsoft using the client ID and secret and I have created a client secret. I am receiving this error:

 "error": "invalid_grant",
    "error_description": "AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application 'ac4a2eb9-54c9-4e34-bb6a-8256a955b7d2'(remindMe) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: d7956bc0-254f-4265-9784-5e0008727900 Correlation ID: 6f7c9552-7c00-449d-a0f9-b7025c2c0664 Timestamp: 2023-12-03 16:11:18Z"
A family of Microsoft email and calendar products.
3,418 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,770 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,597 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Navya 6,770 Reputation points Microsoft Vendor

    Hi @vegeta psych ,

    Thank you for posting this in Microsoft Q&A.

    I understand you want to perform an outlook login, so that you can get calendar events.

    This Eror AADSTS50020 occurs in various scenarios. To resolve this issue, Follow the below steps:

    1.Register your application as Enterprise application

    Sign into the Microsoft Entra admin center -> Browse to Identity > Applications > App registrations and select new registration.

    Enter name of the application and make sure to select supported account type as Accounts in any organizational directory and personal Microsoft accounts **(**supports both Microsoft and personal accounts)

    2.API Permissions: Add permissions for Microsoft Graph API and grant admin consent for the application.

    Calendars.ReadBasic, Calendars.Read, Calendars.ReadWrite

    3.When you get an access token, make sure to set URL as https://login.microsoftonline.com/commonand call the Event API endpoint.

    For your reference: https://learn.microsoft.com/en-us/graph/api/calendar-list-events?view=graph-rest-1.0&tabs=http

    To get refresh tokens please refer this document

    Hopes this helps. Do let us know if you any further queries.


    1 person found this answer helpful.