Permission Request in Custom Policy for Azure B2C

Pierre 5 Reputation points
2024-02-05T10:26:36.5166667+00:00

I am building a custom policy where clients can sign in with their company IDP.

The steps (in short) are as follows:

  • Client user provides their work email address
  • Their domain is parsed and used to direct them to their tenant to sign in (each client's IDP is configured in the custom policy)
  • They sign in with their work account
  • JWT sent to application if sign in is successful

The problem is that when the user who signs in has not given permission to the scopes "openid and offline_access", it will throw the following error.

`AADB2C90273: An invalid response was received : 'Error: access_denied,Error Description: AADSTS650054: The application 'https://
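The home-realm discovery step described in the question (take a work email, derive the domain, route to that client's IdP) is where untrusted input decides which identity provider the policy trusts, so the domain must be parsed strictly and matched exactly against the configured clients. The following Python is an added illustration of that step and is not code from the post or from Azure AD B2C itself (a real custom policy does this with claims transformations and technical profiles); the `IdpConfig` class, the `IDP_BY_DOMAIN` table, the tenant identifiers and the scope lists are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical per-client IdP configuration, constructed for this example.
# In a B2C custom policy each entry would correspond to one technical profile.
@dataclass(frozen=True)
class IdpConfig:
    tenant: str            # placeholder tenant identifier, not a real tenant
    scopes: Tuple[str, ...]  # scopes the OIDC request to that IdP will carry


IDP_BY_DOMAIN = {
    "contoso.example": IdpConfig("contoso-tenant-placeholder", ("openid", "profile")),
    "fabrikam.example": IdpConfig(
        "fabrikam-tenant-placeholder", ("openid", "profile", "offline_access")
    ),
}

# Restrictive hostname shape: lowercase labels of letters, digits and hyphens,
# no leading/trailing hyphen, at least two labels, no trailing dot.
_DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def extract_domain(email: str) -> Optional[str]:
    """Return the normalized domain of a work email, or None if it is not usable.

    Rejects anything with more than one '@', an empty local part, or a domain
    that is not a plain lowercase hostname, so lookalikes (trailing dots,
    unicode, embedded whitespace) never reach the lookup table.
    """
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, domain = email.strip().split("@")
    if not local:
        return None
    domain = domain.lower()
    if not _DOMAIN_RE.fullmatch(domain):
        return None
    return domain


def select_idp(email: str) -> Optional[IdpConfig]:
    """Exact-match lookup of the email domain against configured client IdPs.

    Unknown domains get None rather than a fallback IdP: the policy should
    fail closed instead of sending the user to a provider it never configured.
    """
    domain = extract_domain(email)
    if domain is None:
        return None
    return IDP_BY_DOMAIN.get(domain)


def scope_parameter(cfg: IdpConfig) -> str:
    """Build the space-separated OIDC 'scope' value for the selected IdP."""
    return " ".join(cfg.scopes)


if __name__ == "__main__":
    for addr in ("Alice@Contoso.Example", "bob@fabrikam.example", "eve@unknown.example"):
        cfg = select_idp(addr)
        if cfg is None:
            print(f"{addr}: no configured IdP, sign-in refused")
        else:
            print(f"{addr}: tenant={cfg.tenant} scope='{scope_parameter(cfg)}'")
```

Keeping the scope list per IdP in the same table makes it easy to see, per client, exactly which permissions the request will ask for, which is the question the answer below raises.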


1 answer

  1. Shweta Mathur 29,741 Reputation points Microsoft Employee
    2024-02-06T07:25:51.49+00:00

    Hi @Pierre , Thanks for reaching out.

    AADB2C90273 is a very generic error which means "An invalid response was received: '{0}'", and AADSTS650054 means the application asked for permissions to access a resource that has been removed or is no longer available.

    Could you please confirm whether, while registering the application, you checked the checkbox below? [screenshot not reproduced]

    Also, could you please confirm what permissions you are passing in the scope while sending the request?

    Thanks, Shweta

