Azure B2C iframe embedded sign-in 400 Bad Request.

SVERDLOV, Roman 20 Reputation points
2024-06-27T20:31:00.66+00:00

I am trying to set up embedded sign-in with a local account (email) and Entra ID, following this documentation: https://learn.microsoft.com/en-us/azure/active-directory-b2c/embedded-login?pivots=b2c-custom-policy.
The custom policy works fine when tested on Azure and if used without an iframe.
When trying to use it with an iframe, I can log in the first time (when cookies and cache are cleared). But after I sign out and try to log in again, I get a 400 Bad Request.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Marilee Turscak-MSFT 36,336 Reputation points Microsoft Employee
    2024-06-27T23:07:37.7+00:00

    Hi @SVERDLOV, Roman,

    The 400 error may occur if the X-Frame-Options configuration is set to "Deny", which would indicate a CORS problem. It is a browser behavior which can be resolved by setting X-Frame-Options to "SAMEORIGIN". You can use application code or configure a script in the HTTP header. Here is an Angular app example: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/1985

    I would also recommend checking the solutions in this thread: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/1124

    If you still face this issue after trying these steps, please feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I will open a one-time free support case to troubleshoot this further.

    1 person found this answer helpful.
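
As an added illustration (not part of the answer above or of Microsoft's documentation), this sketch approximates how a browser evaluates `X-Frame-Options` and the CSP `frame-ancestors` directive when deciding whether a response may render inside an iframe. The function names are hypothetical, the origins and header values are constructed, and only the immediate parent is checked rather than the full ancestor chain.

```javascript
// Added example. Simplified model of browser framing checks; inputs are
// lower-cased header names and origin strings such as "https://www.contoso.com".
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Match one frame-ancestors source expression against the embedding origin.
// Supports *, 'self', and scheme://host[:port] with an optional "*." prefix.
function sourceMatches(source, parentOrigin, frameOrigin) {
  if (source === "*") return true;
  if (source === "'self'") return parentOrigin === frameOrigin;
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)(?::(\d+))?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const parent = new URL(parentOrigin);
  const proto = scheme.toLowerCase() + ":";
  if (proto !== parent.protocol) return false;
  // Compare effective ports so ":443" and an omitted port are equivalent.
  if ((port || DEFAULT_PORT[proto]) !== (parent.port || DEFAULT_PORT[proto])) return false;
  const h = host.toLowerCase();
  // "*.contoso.com" matches subdomains only, never the bare domain.
  return wildcard ? parent.hostname.endsWith("." + h) : parent.hostname === h;
}

// Returns true if a page served from frameOrigin with these response headers
// may be rendered in an iframe whose parent document is parentOrigin.
function mayBeFramed(headers, parentOrigin, frameOrigin) {
  const csp = headers["content-security-policy"] || "";
  const directive = csp.split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is enforced, X-Frame-Options is ignored.
    const sources = directive.slice(1);
    if (sources.length === 0 || sources[0] === "'none'") return false;
    return sources.some((s) => sourceMatches(s, parentOrigin, frameOrigin));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return parentOrigin === frameOrigin;
  return true; // no framing restriction present
}

// Constructed origins: the application page and the embedded sign-in page.
const APP = "https://www.contoso.com";
const LOGIN = "https://login.contoso.com";
console.log(mayBeFramed({ "x-frame-options": "SAMEORIGIN" }, APP, LOGIN));
```

Capturing the sign-in response headers from the browser's network panel and feeding them to such a check shows whether a framing header, rather than the policy itself, is what blocks the embedded page.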
