Hello Adam Collings,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
Problem
Following your questions, I understand that users of a Blazor application hosted in Azure are unable to log in due to an "invalid_client" error, which started occurring suddenly without any recent changes to the code or the Azure configuration. The issue persists despite several hours of troubleshooting, including examination of the Azure configuration and research online.
Scenario
In Azure, there's a Blazor application that relies on Microsoft Identity for user authentication. However, recently users trying to log in have been faced with an "invalid_client" error. Strangely, this issue surfaced out of the blue, with no recent updates made to either the application or Azure configuration.
Solution
It is good to know your Blazor app has been running successfully for many years, assuming up to five years, right? You can bear me witness that technology changes, especially security patches and critical updates for better technology consumption. It might not come directly from Azure or the application; it might be from client system updates. Although there are no changes in the code, there must have been changes on the hosting platform or at the client side.
This prescribed solution is based on the scenario given and your questions, while focusing on the problem statement.
The first thing to do is to identify the cause:
- Review the Azure AD B2C configuration to check for any expired or invalid credentials, such as client secrets or certificates.
- Examine logs and error details to understand the specific nature of the "invalid_client" error.
Use this command to retrieve the logs from Azure AD B2C (the -w option takes the GUID of the Log Analytics workspace that receives the B2C diagnostic logs):
az monitor log-analytics query -w <workspace-id> --analytics-query "AzureDiagnostics | where Category == 'AuthenticationLogs' | where OperationName == 'Authentication' | where Status == 'Failed'"
Secondly, examine the logs:
- Navigate to Azure portal > Azure AD B2C > Diagnostic settings > Logs to access detailed logs.
- Look for entries related to authentication attempts and any associated errors or warnings on both the client and hosting sides.
- Code review: pay particular attention to any code related to authentication and interaction with Azure AD B2C. There might be a dependency that requires an update or upgrade.
Finally
You will need to check client secrets and certificates by navigating to Azure portal > Azure AD B2C > App registrations. Check the expiration status of any client secrets or certificates associated with the application. If expired, generate new client secrets or certificates as needed and update the application configuration accordingly.
How you can update the client secret in the Blazor application (inside Startup.ConfigureServices; requires the Microsoft.AspNetCore.Authentication.AzureAD.UI package):
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Register Azure AD authentication and bind the "AzureAd" section of appsettings.json
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

// Override the client secret the OpenID Connect handler sends to the token endpoint
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    // Placeholder: load the rotated secret from configuration or Key Vault rather than a literal
    options.ClientSecret = "your-new-client-secret";
});
Accept Answer
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam NR.
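As an added example that is not part of the answer above, the following Python script automates the "check the expiration status of any client secrets or certificates" step: it reads the JSON produced by `az ad app list --all --output json` (run after `az login --tenant <tenant>.onmicrosoft.com --allow-no-subscriptions` against the B2C tenant) and flags every registration whose secrets or certificates are expired, expiring within 30 days, or missing altogether. The field names `passwordCredentials`, `keyCredentials` and `endDateTime` are assumed to match the Microsoft Graph-based Azure CLI output; the embedded registrations and the fixed reference date are constructed sample data, not real tenant contents.

```python
"""Audit app registrations for expired or soon-to-expire client secrets and
certificates, the usual cause of a sudden "invalid_client" with no code change.

Real input (assumed az CLI flags, run against the B2C tenant):
    az login --tenant <tenant>.onmicrosoft.com --allow-no-subscriptions
    az ad app list --all --output json > apps.json
    python audit_app_credentials.py apps.json
Assumption: each credential carries an ISO 8601 "endDateTime", as in the
Microsoft Graph-based az CLI output; older CLI versions name fields differently.
"""
import json
import sys
from datetime import datetime, timezone

# Constructed sample in the shape of `az ad app list` output (not real tenant data).
SAMPLE_APPS_JSON = """[
  {"appId": "11111111-1111-1111-1111-111111111111", "displayName": "BlazorPortal",
   "passwordCredentials": [
     {"keyId": "a1", "displayName": "prod-secret", "endDateTime": "2024-01-15T00:00:00Z"}],
   "keyCredentials": []},
  {"appId": "22222222-2222-2222-2222-222222222222", "displayName": "ReportingApi",
   "passwordCredentials": [
     {"keyId": "b2", "displayName": "api-secret", "endDateTime": "2024-03-10T00:00:00Z"}],
   "keyCredentials": [
     {"keyId": "c3", "displayName": "signing-cert", "type": "AsymmetricX509Cert",
      "endDateTime": "2026-03-10T00:00:00Z"}]},
  {"appId": "33333333-3333-3333-3333-333333333333", "displayName": "NoCredsApp",
   "passwordCredentials": [], "keyCredentials": []},
  {"appId": "44444444-4444-4444-4444-444444444444", "displayName": "HealthyApp",
   "passwordCredentials": [
     {"keyId": "d4", "displayName": "rotated", "endDateTime": "2025-01-01T00:00:00Z"}],
   "keyCredentials": []}
]"""

# Fixed reference time so the sample audit is reproducible (constructed, not the real clock).
SAMPLE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def load_apps(text):
    return json.loads(text)


def parse_end(value):
    # Graph emits a trailing "Z"; fromisoformat on Python < 3.11 does not accept it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_credentials(apps, now=None, warn_days=30):
    """One finding per credential (plus one for apps that have none).
    status is EXPIRED, EXPIRING (within warn_days), OK or NO_CREDENTIAL."""
    now = now if now is not None else datetime.now(timezone.utc)
    findings = []
    for app in apps:
        seen = False
        for kind, field in (("secret", "passwordCredentials"), ("certificate", "keyCredentials")):
            for cred in app.get(field) or []:
                seen = True
                end = parse_end(cred["endDateTime"])
                days_left = (end - now).days
                if end <= now:
                    status = "EXPIRED"
                elif days_left <= warn_days:
                    status = "EXPIRING"
                else:
                    status = "OK"
                findings.append({"appId": app["appId"], "displayName": app["displayName"],
                                 "kind": kind, "keyId": cred.get("keyId"),
                                 "status": status, "daysLeft": days_left})
        if not seen:
            # No secret or certificate at all: a confidential client cannot authenticate.
            findings.append({"appId": app["appId"], "displayName": app["displayName"],
                             "kind": "none", "keyId": None,
                             "status": "NO_CREDENTIAL", "daysLeft": None})
    return findings


def apps_needing_action(findings):
    """Sorted appIds with at least one expired or expiring credential, or none at all."""
    return sorted({f["appId"] for f in findings
                   if f["status"] in ("EXPIRED", "EXPIRING", "NO_CREDENTIAL")})


def main(argv):
    # With a file argument use the real clock; otherwise run the embedded sample at SAMPLE_NOW.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_APPS_JSON
    now = None if len(argv) > 1 else SAMPLE_NOW
    findings = audit_credentials(load_apps(text), now)
    for f in findings:
        print(f"{f['status']:<14} {f['displayName']:<16} {f['kind']:<12} "
              f"keyId={f['keyId']} daysLeft={f['daysLeft']}")
    print("apps needing action:", ", ".join(apps_needing_action(findings)) or "none")


if __name__ == "__main__":
    main(sys.argv)
```

Run it without arguments to see the constructed sample (BlazorPortal's only secret is expired, ReportingApi's secret expires in nine days, NoCredsApp has nothing to present); with a real `apps.json` it evaluates against the current time. An app whose only secret shows EXPIRED is exactly the case where the token request starts returning invalid_client overnight, and the fix is the rotation described in the answer.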