This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 93%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMO%3C/text%3E%3C/svg%3E)
We are facing a strange issue when Apple´s review team are trying to sign in into our Ionic app for iOS with Azure B2C and through Sign in with apple IDP. We get the message: "We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later."
Activity Type
Federate with an identity provider
This is only happening for the Apple team. It works perfectly on our devices and XCode simulator. It has worked until now for them and the app is on AppStore and have not had any code changes that i know of that should affects this.
Can anyone please give any clue on where to start our troubleshooting?
Hi @Mathias Olsson • Can you share the correlation ID that you get along with the error? If there is no on-screen error, try capturing fiddler trace for working and non-working scenarios for comparison.
Please follow the below instructions to capture a Fiddler trace:
Setup:
• Download and install Fiddler from here: https://www.telerik.com/fiddler
• Follow these instructions to enable HTTPS capture: https://docs.telerik.com/fiddler/configure-fiddler/tasks/DecryptHTTPS (do step 1 and 2)
To get traces:
• Start fiddler (it will start capturing)
• Repro the issue.
• Stop fiddler capturing by hitting the F12 key.
• Save all sessions in .saz file and look for the difference between Auth requests for working and non-working users.
Thanks but the issue is solved. We just regenerated the secret.
@Mathias Olsson • Thank you for sharing the solution. Posting it as the answer so that it helps others in the community facing this issue.
The issue is resolved by regenerating the application secret, as mentioned here: Add credentials
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 13%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
hi @AmanpreetSingh-MSFT
I'm having a similar issue. I am using a social idp provider to login to our B2C application but getting this error :
We're using domain_hint parameter to automatically pick the IDP provider/exchange in the B2C custom policy.
We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later.
It works fine in 2-3 environments (ex. our dev, test and demo) but fails in another environment.
I've compared the app registrations and their manifests for the failing and working environments and they are identical.
Also, I've regenerated the IEF policy key (client secret) and redeployed, but still the same error.
Here is the correlation ID for one of the failed logins : def18dc6-c27e-40a8-af74-bb579c0ff7c9