This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 40%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Hi,
We are using B2C with Microsoft as one of the identity provider. Everything was working fine until we had Microsoft App Registration Secret expired.
We created a new one (in AAD) and updated B2C provider with new secret. When we try to test user flow with Microsoft it throws below error
We're unable to complete your request
unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
Would appreciate if I can get some help in resolving this issue.
PS - We have already tried deleting MSFT provider and setting up new.
- We also didn't make any changes to MSFT App Registration apart from adding a new secret
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Amit Jaura ,
Thanks for your post! Here are a few things to check:
1) For multi-tenant apps you need to make sure application is registered as multi-tenant rather than single tenant. It should say "Accounts in any organizational directory" rather than "Accounts in this organization only." https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account?pivots=b2c-user-flow
2) If risk-based step-up consent is enabled, users can't consent to most newly registered multitenant apps that aren't publisher verified. If this is the case for your app and you previously registered the app prior to November 2020, you will need to complete the publisher verification process.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow
https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview
3) Make sure you have the Application (client) ID configured.
Let me know if this helps. I'm also trying to see if I can reproduce this issue in my own tenant by replacing the secret. Since I don't have access to your tenant you can also feel free to reach out to me over email (left in private comment) to further troubleshoot or get a support case opened.
-
If the information helped you, please Accept the answer. This will help us and other community members as well.
Thanks @Marilee Turscak-MSFT for your response. We figured out that new Secret created in AAD App registration (For Microsoft provider) needs a new entry in Policy Keys under Custom Flow.
That has solved our issue.