MsalServiceException AADSTS50049 when targeting B2C

I just migrated our code to MSAL 2.2.0 and also changed to use the b2clogin.com domain instead of the login.microsoft.com domain we were using before.

I cannot seem to figure out how to construct the correct authority string. Here is what my code currently looks like:

private const string mTenant = "ideliverableb2c.onmicrosoft.com";
private const string mClientId = "d77e...caa6"; // Obfuscated here
private const string mSignInPolicyName = "B2C_1_si";

private PublicClientApplication mClientApplication =
    new PublicClientApplication(mClientId, authority: $"https://ideliverableb2c.b2clogin.com/tfp/{mTenant}/{mSignInPolicyName}")
    {
        RedirectUri = $"msal-{mClientId}://auth",
        ValidateAuthority = false
    };

I have tried various different ways to format the authority string, but no matter what I do I get the same exception when I call mClientApplication.AcquireTokenAsync():

Microsoft.Identity.Client.MsalServiceException: AADSTS50049: Unknown or invalid instance.

Response body:

{
    "error":"invalid_instance",
    "error_description":"AADSTS50049: Unknown or invalid instance.\r\nTrace ID: 6b61d006-7a2a-4b7e-b497-3cd6d9dc3800\r\nCorrelation ID: 78054f61-e0a9-4685-b761-64bc728ff90d\r\nTimestamp: 2018-10-09 19:28:23Z",
    "error_codes":[50049],
    "timestamp":"2018-10-09 19:28:23Z",
    "trace_id":"6b61d006-7a2a-4b7e-b497-3cd6d9dc3800",
    "correlation_id":"78054f61-e0a9-4685-b761-64bc728ff90d"
}

What am I doing wrong here?

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 27 (4 by maintainers)

Top GitHub Comments

5 reactions
lybax commented, Feb 19, 2019

It is also useful to specify that the Authority URL should be like:

https://TENANT.b2clogin.com/tfp/TENANT.onmicrosoft.com/POLICY/v2.0/.well-known/openid-configuration

(never properly mentioned in any documentation)

1 reaction
yodies commented, Jan 12, 2020

WithAuthority now has an overload of sorts, WithB2CAuthority. While I was using a properly-formatted authority (https://TENANT.b2clogin.com/tfp/TENANT.onmicrosoft.com/POLICY/), I continued to get the error:

"B2C 'authority' Uri should have at least 3 segments in the path (i.e. https://<host>/tfp/<tenant>/<policy>/...)"

Thankfully, the sample here showed the overload. Once I started using it, I was able to get connected.
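
An added example, not part of the thread or of MSAL's own samples: because the code in the question sets ValidateAuthority = false, this example checks the B2C authority's scheme, host and /tfp/<tenant>/<policy>/ path locally before passing it to WithB2CAuthority. It assumes an MSAL.NET version that provides PublicClientApplicationBuilder; the B2CAuthority helper, the contoso tenant name and the all-zero client ID are hypothetical placeholders.

```csharp
using System;
using Microsoft.Identity.Client;

// Hypothetical helper (not an MSAL type): builds and checks a B2C authority.
static class B2CAuthority
{
    public static Uri Build(string tenantName, string policy)
    {
        if (string.IsNullOrWhiteSpace(tenantName) || string.IsNullOrWhiteSpace(policy))
            throw new ArgumentException("Tenant name and policy are required.");
        var authority = new Uri(
            $"https://{tenantName}.b2clogin.com/tfp/{tenantName}.onmicrosoft.com/{policy}/");

        // Re-parse and compare: a tenant name containing '/', '@', '?' or ':' would
        // change the parsed host or path (or fail to parse), so it never gets through.
        if (authority.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Authority must use https.");
        if (!string.Equals(authority.Host, $"{tenantName}.b2clogin.com",
                           StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException($"Unexpected authority host '{authority.Host}'.");

        string[] segments = authority.AbsolutePath.Split(
            new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        if (segments.Length != 3
            || segments[0] != "tfp"
            || !string.Equals(segments[1], $"{tenantName}.onmicrosoft.com",
                              StringComparison.OrdinalIgnoreCase)
            || segments[2] != policy)
            throw new ArgumentException("Path must be /tfp/<tenant>.onmicrosoft.com/<policy>/.");

        return authority;
    }
}

static class Program
{
    static void Main()
    {
        const string clientId = "00000000-0000-0000-0000-000000000000"; // placeholder
        Uri authority = B2CAuthority.Build("contoso", "B2C_1_si");      // constructed tenant

        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(clientId)
            .WithB2CAuthority(authority.AbsoluteUri)
            .WithRedirectUri($"msal-{clientId}://auth")
            .Build();
        Console.WriteLine(app.Authority);
    }
}
```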
