Azure AD B2C Error: The client Id specified in the request is not registered in tenant

I am attempting to log in to an Azure Active Directory B2C application.

Whenever I access the URL https://login.microsoftonline.com/te/<my_domain>/<my_sign_up_sign_in_policy_name>/oauth2/v2.0/authorize?client_id=<my_client_id>..., I get the following error:

The client id <my_client_id> specified in the request is not registered in tenant <my_tenant_name>.

Here is some information about my configuration:

  • In https://portal.azure.com, I have created the Azure Active Directory B2C tenant which contains the user globaladmin@<my_domain>.onmicrosoft.com

  • In order to create the application, I navigated to https://apps.dev.microsoft.com, logged in as the global admin and created the "Web Portal v2" application following the instructions here

  • I granted Web Portal v2 access to Microsoft Graph but did not grant access to Azure AD Windows Graph API (I didn't see this option anywhere)

  • I can successfully navigate to https://portal.azure.com -> Find the Azure AD B2C resource -> Click into it -> Applications. And there is the newly created "Web Portal v2"

My application has been updated with the new ClientId and ClientSecret of "Web Portal v2". However, when I launch the application and click "Login", I get the error. What other configuration am I missing?

Also, I should add that the reason for all of the above configuration is so that I can migrate my application from using Azure AD V1 tokens to Azure AD V2 tokens, which have information in them such as User.Identity.Name, which is a value I use to display the currently logged-in user's name in the top right corner of the application. If there is a different/better way to achieve this then please let me know.

aBlaze asked Mar 24 '18 11:03


3 Answers

I think the reason for this is that the API Permissions aren't pre-provisioned when you create an app through the AD blade (or Graph API). The way to resolve is to add the API Permissions to the app:


Having just gone through the process of automating this I can tell you that there are four layers that have to be configured for this to work using Graph API (Note: using the beta endpoints).

  1. Create application https://docs.microsoft.com/en-us/graph/api/application-post-applications?view=graph-rest-beta&tabs=http

  2. Update application properties https://docs.microsoft.com/en-us/graph/api/application-update?view=graph-rest-beta&tabs=http
     a. requiredResourceAccess https://docs.microsoft.com/en-us/graph/api/resources/requiredresourceaccess?view=graph-rest-beta
     b. Any other properties, like implicitGrantSettings, logoutUrl, etc.

  3. Create Service Principal for app just created: https://docs.microsoft.com/en-us/graph/api/serviceprincipal-post-serviceprincipals?view=graph-rest-beta&tabs=http

  4. Create oauth2PermissionGrants using the object id of the service principal: https://docs.microsoft.com/en-us/graph/api/oauth2permissiongrant-post?view=graph-rest-beta&tabs=http

erikanderson753 answered Sep 23 '22 13:09
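The four Graph calls listed in the answer above, written out as an added example (this is not the answerer's automation script and not Microsoft's code). It builds the request bodies for each step and sequences them against an injected HTTP client; the `FakeGraphClient`, the object ids it returns and the app name/redirect URI are constructed for offline use, and `provision_b2c_app` is an assumed name. The resource id `00000003-0000-0000-c000-000000000000` and the three delegated-permission GUIDs are Microsoft Graph's well-known values. Step 4 is what the portal's "Grant admin consent" button does: it creates an `oauth2PermissionGrant` with `consentType: AllPrincipals`, which is why the missing grant surfaces as the "not registered in tenant" error at the `/oauth2/v2.0/authorize` endpoint. Against a real tenant you would replace the fake client with an authenticated session whose token carries `Application.ReadWrite.All` and `DelegatedPermissionGrant.ReadWrite.All` (or equivalent) rights.

```python
"""Four-step B2C app provisioning over Microsoft Graph (beta), as an added example."""
import json

GRAPH_BETA = "https://graph.microsoft.com/beta"
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId
# Well-known delegated permission ids exposed by the Microsoft Graph resource
GRAPH_SCOPES = {
    "openid": "37f7f235-527c-4136-accd-4a02d197296e",
    "offline_access": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
    "User.Read": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
}


def application_payload(display_name, redirect_uris):
    """Step 1: body for POST /applications."""
    return {
        "displayName": display_name,
        # v2 audience so the /te/<tenant>/<policy>/oauth2/v2.0 endpoints accept the app
        "signInAudience": "AzureADandPersonalMicrosoftAccount",
        "web": {"redirectUris": list(redirect_uris)},
    }


def required_resource_access(scopes):
    """Step 2a: body for PATCH /applications/{id}; declares what the app will ask for."""
    unknown = set(scopes) - set(GRAPH_SCOPES)
    if unknown:
        raise ValueError(f"unknown Microsoft Graph scope(s): {sorted(unknown)}")
    return {"requiredResourceAccess": [{
        "resourceAppId": MS_GRAPH_APP_ID,
        "resourceAccess": [{"id": GRAPH_SCOPES[s], "type": "Scope"} for s in scopes],
    }]}


def service_principal_payload(app_id):
    """Step 3: body for POST /servicePrincipals (the app's identity inside the tenant)."""
    return {"appId": app_id}


def permission_grant_payload(client_sp_id, resource_sp_id, scopes):
    """Step 4: body for POST /oauth2PermissionGrants; tenant-wide (admin) consent."""
    return {
        "clientId": client_sp_id,      # object id of the app's service principal
        "consentType": "AllPrincipals",  # consent on behalf of every user in the tenant
        "resourceId": resource_sp_id,  # object id of Microsoft Graph's service principal
        "scope": " ".join(scopes),
    }


def provision_b2c_app(client, display_name, redirect_uris,
                      scopes=("openid", "offline_access", "User.Read")):
    """Run steps 1-4 in order and return the ids a caller needs to keep."""
    app = client.post(f"{GRAPH_BETA}/applications",
                      application_payload(display_name, redirect_uris))
    client.patch(f"{GRAPH_BETA}/applications/{app['id']}", required_resource_access(scopes))
    sp = client.post(f"{GRAPH_BETA}/servicePrincipals", service_principal_payload(app["appId"]))
    # The grant needs the *object id* of Graph's service principal in this tenant, not its appId
    graph_sp = client.get(
        f"{GRAPH_BETA}/servicePrincipals?$filter=appId eq '{MS_GRAPH_APP_ID}'")["value"][0]
    grant = client.post(f"{GRAPH_BETA}/oauth2PermissionGrants",
                        permission_grant_payload(sp["id"], graph_sp["id"], scopes))
    return {"appId": app["appId"], "servicePrincipalId": sp["id"], "grantId": grant["id"]}


class FakeGraphClient:
    """Constructed stand-in for an authenticated HTTP session; records calls and
    returns made-up object ids so the sequence can be exercised offline."""

    def __init__(self):
        self.calls = []

    def post(self, url, body):
        self.calls.append(("POST", url, body))
        if url.endswith("/applications"):
            return {"id": "app-obj-0001", "appId": "11111111-2222-3333-4444-555555555555"}
        if url.endswith("/servicePrincipals"):
            return {"id": "sp-obj-0002", "appId": body["appId"]}
        if url.endswith("/oauth2PermissionGrants"):
            return {"id": "grant-0003"}
        raise AssertionError(f"unexpected POST to {url}")

    def patch(self, url, body):
        self.calls.append(("PATCH", url, body))
        return None

    def get(self, url):
        self.calls.append(("GET", url, None))
        return {"value": [{"id": "graph-sp-0009", "appId": MS_GRAPH_APP_ID}]}


if __name__ == "__main__":
    fake = FakeGraphClient()
    result = provision_b2c_app(fake, "Web Portal v2", ["https://localhost:44300/signin-oidc"])
    print(json.dumps(result, indent=2))
    for method, url, _ in fake.calls:
        print(method, url)
```

If you only complete steps 1 and 2 (which is what registering through apps.dev.microsoft.com left you with), the app object exists but there is no service principal and no grant in the B2C tenant, so the authorize endpoint has nothing to resolve the client id against.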


The https://login.microsoftonline.com/te/<tenant_id>/<policy_id>/oauth2/v2.0/authorize?client_id=<client_id>... URL is correct, but you shouldn't create an Azure AD B2C application using the Application Registration Portal; otherwise it becomes a faulted app and you then receive the "The client id ... specified in the request is not registered in tenant ..." error.

An Azure AD B2C application should be created using the Azure AD B2C blade of the Azure Portal.

Chris Padgett answered Sep 26 '22 13:09


All you need to do is grant admin consent for the organization under the API Permissions menu in the app's Manage settings. It worked for me immediately.

Oluwaloseyi Sekoni answered Sep 22 '22 13:09