
I am working on Azure Microsoft Entra External ID authentication in my MAUI Blazor hybrid app. I have a user flow in my tenant to allow external users to sign in via Google. When I created it, it was tied to an app registration that no longer exists. When I log in using the user flow, I get an error claiming I am using the wrong client ID, but the client is correct. The one it mentions does not even exist:

AADB2C90011: The client id [NEW CLIENT ID] provided in the request does not match client id [OLD CLIENT ID] registered in policy.

I created (from scratch) an app registration and a user flow. Then I updated the user flow to include the app registration, but it still shows the same error. I cannot even delete the old application from the user flow, which I think would fix the issue. What policy could be forcing all user flows to use the [OLD CLIENT ID] even if the user flow does not have that client ID registered as a valid one?

I have waited some time before trying again:

  1. Deleted all associated app registrations (I also deleted the API app registration).
  2. Deleted the Google Identity provider.
  3. Deleted the user flow.
  4. Recreated the web app registration.
  5. Recreated the user flow.
  6. Reconfigured the Google Identity provider with a new client secret.
  7. Associated the newly recreated app registration to the newly recreated user flow.
  8. Waited 10 minutes.

I still see the same behavior.

  • Original post on MS Q&A: learn.microsoft.com/en-us/answers/questions/5612419/… Commented Nov 8 at 14:05
  • Have you tried this in a private session? Have you tried deleting all cookies? Do you get the error from the "Run user flow"? Do you get it from the app? - in which case did you update the config? Is the correct app configured in the user flow (via "Applications")? Is that the only app configured? Have you looked at a network trace to see what's being sent? Commented Nov 10 at 4:09
  • Yes. I have tried in a new incognito session and see the same behavior. I do not have the option to "Run user flow" so this is from the application. The configuration is solid. I am sending the correct id for sure. I will have to revert the current version of the code to the External Identity implementation to share the full configuration so I will do this at another time. I do not think a network trace will help in this situation: we are sending the correct payload, the issue is that the tenant itself is claiming the client Id sent is not what is allowed by the user flow. Commented Nov 11 at 17:51
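One way to pin down which side is wrong when AADB2C90011 appears, as an added example (not from the question or the commenters): capture the /authorize request the app actually sends, parse the `client_id` and policy name out of it, and compare both against the error string. The host, policy name and GUIDs below are constructed placeholders, not values from the original post.

```python
import re
from urllib.parse import urlparse, parse_qs

# Matches the AADB2C90011 text quoted in the question and pulls out both GUIDs.
ERROR_RE = re.compile(
    r"AADB2C90011: The client id (?P<sent>[0-9a-fA-F-]{36}) provided in the request "
    r"does not match client id (?P<registered>[0-9a-fA-F-]{36}) registered in policy"
)


def parse_error(message):
    """Return the client id the tenant says it received and the one it expected."""
    m = ERROR_RE.search(message)
    if not m:
        return None
    return {"sent": m.group("sent").lower(), "registered": m.group("registered").lower()}


def inspect_authorize_request(url):
    """Extract client_id, policy and redirect_uri from a captured /authorize URL.

    The policy may arrive as a 'p' query parameter or as a path segment
    (/{tenant}/{policy}/oauth2/v2.0/authorize), so both forms are handled."""
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)
    policy = qs.get("p", [None])[0]
    if policy is None:
        # Fall back to the path-segment form; user-flow names start with B2C_1.
        policy = next((s for s in parsed.path.split("/") if s.upper().startswith("B2C_1")), None)
    client_id = qs.get("client_id", [None])[0]
    return {
        "host": parsed.netloc,
        "policy": policy,
        "client_id": client_id.lower() if client_id else None,
        "redirect_uri": qs.get("redirect_uri", [None])[0],
    }


def diagnose(url, error_message, expected_client_id):
    """Decide whether the app or the user-flow configuration is the side to look at."""
    req = inspect_authorize_request(url)
    err = parse_error(error_message)
    app_sent_expected = req["client_id"] == expected_client_id.lower()
    tenant_saw_request = err is not None and err["sent"] == req["client_id"]
    return {
        "policy_in_request": req["policy"],
        "app_sent_expected_client_id": app_sent_expected,
        "tenant_echoed_sent_client_id": tenant_saw_request,
        # If the app sent the right id and the tenant echoed it, the mismatch lives in
        # the policy named in the request, not in the app's configuration.
        "check_user_flow_named": req["policy"] if app_sent_expected and tenant_saw_request else None,
    }
```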
