Issue with B2C Microsoft Provider after creating a new secret

Amit Jaura 1 Reputation point
2022-08-17T02:38:14.863+00:00

Hi,

We are using B2C with Microsoft as one of the identity providers. Everything was working fine until our Microsoft App Registration secret expired.

We created a new one (in AAD) and updated the B2C provider with the new secret. When we try to test the user flow with Microsoft it throws the error below:

We're unable to complete your request
unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.

I would appreciate some help in resolving this issue.

PS:
- We have already tried deleting the MSFT provider and setting up a new one.
- We also didn't make any changes to the MSFT App Registration apart from adding a new secret.


2 answers

  1. Marilee Turscak-MSFT 34,786 Reputation points Microsoft Employee
    2022-08-19T23:41:17.12+00:00

    Hi @Amit Jaura ,

    Thanks for your post! Here are a few things to check:

    1) For multi-tenant apps you need to make sure the application is registered as multi-tenant rather than single tenant. It should say "Accounts in any organizational directory" rather than "Accounts in this organization only." https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account?pivots=b2c-user-flow

    2) If risk-based step-up consent is enabled, users can't consent to most newly registered multitenant apps that aren't publisher verified. If this is the case for your app and you previously registered the app prior to November 2020, you will need to complete the publisher verification process.
    https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow
    https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview

    3) Make sure you have the Application (client) ID configured.

    Let me know if this helps. I'm also trying to see if I can reproduce this issue in my own tenant by replacing the secret. Since I don't have access to your tenant you can also feel free to reach out to me over email (left in private comment) to further troubleshoot or get a support case opened.

    -
    If the information helped you, please Accept the answer. This will help us and other community members as well.


  2. Amit Jaura 1 Reputation point
    2022-08-20T00:16:15+00:00

    Thanks @Marilee Turscak-MSFT for your response. We figured out that the new secret created in the AAD App registration (for the Microsoft provider) needs a new entry in Policy Keys under the custom flow.

    That has solved our issue.

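A worked rotation helper, added here as an example; it is not code from the thread or from Microsoft's tooling. It encodes the fix described in the answer above: when a new client secret is created on the Azure AD app registration, the Identity Experience Framework policy key that the custom policy's Microsoft-account technical profile references (via its StorageReferenceId) must also receive the new value, otherwise B2C keeps presenting the old secret to login.microsoftonline.com. The script builds the Microsoft Graph beta calls that create a policy key set and upload a secret into it, and includes a check that flags a key set whose newest key was uploaded before the new app secret's start date. The key-set name B2C_1A_MSASecret, the environment variable names, the constructed key-set JSON, and the assumption that Graph answers 409 Conflict for an already existing key set are all assumptions made for this example.

```python
"""Rotate a Microsoft-account client secret into an Azure AD B2C policy key.

Graph beta endpoints used (permission TrustFrameworkKeySet.ReadWrite.All):
  POST /trustFramework/keySets                     create the key set
  POST /trustFramework/keySets/{id}/uploadSecret   upload the secret value
  GET  /trustFramework/keySets/{id}                inspect existing keys
"""
import json
import os
import urllib.error
import urllib.request
from datetime import datetime, timezone
from typing import Optional

GRAPH_BETA = "https://graph.microsoft.com/beta"


def keyset_id(name: str) -> str:
    """Normalise a policy key name to the form shown in the portal.

    Graph accepts the id with or without the B2C_1A_ prefix; the custom
    policy's StorageReferenceId always uses the prefixed form."""
    return name if name.startswith("B2C_1A_") else "B2C_1A_" + name


def upload_secret_body(secret: str, not_before: datetime, expires: datetime) -> dict:
    """Body for uploadSecret. 'use' is 'sig' for a client secret; nbf/exp are
    Unix epoch seconds. Setting exp to the app registration secret's own
    endDateTime keeps both lifetimes aligned."""
    if not secret:
        raise ValueError("client secret value must not be empty")
    nbf, exp = int(not_before.timestamp()), int(expires.timestamp())
    if exp <= nbf:
        raise ValueError("exp must be later than nbf")
    return {"use": "sig", "k": secret, "nbf": nbf, "exp": exp}


def needs_rotation(keyset: dict, secret_start: datetime, now: datetime) -> bool:
    """True when the policy key set holds no currently valid key, or its newest
    valid key was uploaded (nbf) before the new app secret's startDateTime and
    therefore cannot contain the new value. 'keyset' is the JSON returned by
    GET /trustFramework/keySets/{id} (assumed shape: a 'keys' list whose
    entries carry 'nbf' and 'exp')."""
    ts = int(now.timestamp())
    valid = [k for k in keyset.get("keys", []) if k.get("nbf", 0) <= ts < k.get("exp", 0)]
    if not valid:
        return True
    newest_nbf = max(k["nbf"] for k in valid)
    return newest_nbf < int(secret_start.timestamp())


def graph_call(token: str, method: str, path: str, body: Optional[dict] = None) -> dict:
    """Minimal Graph client on urllib; raises HTTPError on non-2xx responses."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        GRAPH_BETA + path, data=data, method=method,
        headers={"Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}


def rotate_policy_key(token: str, name: str, secret: str, expires: datetime) -> dict:
    """Create the key set if needed, then upload the new secret into it."""
    ks = keyset_id(name)
    try:
        graph_call(token, "POST", "/trustFramework/keySets", {"id": ks})
    except urllib.error.HTTPError as err:
        if err.code != 409:  # assumption: 409 Conflict means it already exists
            raise
    now = datetime.now(timezone.utc)
    return graph_call(token, "POST", f"/trustFramework/keySets/{ks}/uploadSecret",
                      upload_secret_body(secret, now, expires))


if __name__ == "__main__":
    # Placeholder environment variables; the token must carry
    # TrustFrameworkKeySet.ReadWrite.All for the B2C tenant.
    token = os.environ["B2C_GRAPH_TOKEN"]
    secret = os.environ["NEW_CLIENT_SECRET"]
    expires = datetime.fromisoformat(os.environ["NEW_CLIENT_SECRET_EXPIRES"])  # e.g. 2024-08-20T00:00:00+00:00
    print(json.dumps(rotate_policy_key(token, "MSASecret", secret, expires), indent=2))
```

The custom policy side does not change during rotation: the Microsoft-account technical profile keeps referencing the same key set, for example `<Key Id="client_secret" StorageReferenceId="B2C_1A_MSASecret" />` under `<CryptographicKeys>`, and picks up the newest valid key in that set. Running `needs_rotation` against the GET result with the app secret's startDateTime is a cheap pre-flight check that would have surfaced the mismatch in this thread before users saw the unauthorized_client error.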