Azure b2c iframe embedded sign in 400 bad request.

SVERDLOV, Roman 20 Reputation points

I try to set up embedded sign in with local account (email) and Entra ID following this documentation
Custom policy works fine when tested on azure and if used without an iFrame.
While trying to use it with an iFrame I can log in for the first time (when cookies and cash is cleared). But after I sign out and try to log in again I get 400 bad request.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,674 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 36,336 Reputation points Microsoft Employee

    Hi @SVERDLOV, Roman ,

    The 400 error may occur if the X-Frame-Options configuration is set to "Deny", which would indicate a CORS problem. It is a browser behavior which can be resolved by setting X-Frame-Options to "SAMEORIGIN".  You can use application code or configure a script in HTTP header. Here is an Angular app example:

    I would also recommend checking the solutions in this thread:

    If you still face this issue after trying these steps, please feel free to reach out to me at ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I will open a one-time free support case to troubleshoot this further.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful