Azure-docs: Registering the IdentityExperienceFramework and ProxyIdentityExperienceFramework apps through the App registrations (Preview) causes the example custom flows to work only for sign up, but not authentication

Created on 29 Apr 2020 · 10 Comments · Source: MicrosoftDocs/azure-docs

The problem itself is that after registration, the redirect is done properly and the user is redirected with a token. When an attempt is made to sign in with the same user, though, a message 'Invalid username or password' is displayed and the user does not get authenticated. I am certain this was with the correct credentials, as using a wrong email or a wrong password was returning different error messages each.

Using the supposedly deprecated 'App registrations (Legacy)' method works, though.


All 10 comments

I am also facing the same issue (sign up is done, but not able to sign in), but it was working properly a few hours back.

@Negwood Thanks for your feedback! We will investigate and update as appropriate.

I've reported this issue to the product team to ask if there is an outage. @negwood, was it also working for you before like it was for Amita? Amita, at what time did it stop working? Do you have any error logs you can share?

We have reached out to the product team to see if there was a recent outage. Typically this issue happens when the permissions on the ProxyIdentityExperienceFramework aren't set properly. I'd say double-check that ProxyIdentityExperienceFramework has Admin consent for Azure Active Directory Graph: User.Read and IdentityExperienceFramework: User_Impersonation. In the meantime, if I hear back from the PG I will post the status here.

@MarileeTurscak-MSFT I cannot tell if it had been working before, as this was the first time I have tried working with custom policies.

Thanks for the tips and the attention!

@MarileeTurscak-MSFT @SaurabhSharma-MSFT I've also encountered this issue. Cannot log in with existing local accounts, and while I can create new accounts through the custom policy, I can't log in with them either. It works after deleting the applications and creating them with the legacy steps.

I have the same issue with a new setup. I have even started from scratch with the policy starter pack without any customizations.

@Negwood set allowpublicclient to true in the manifest for proxy app.

A hotfix has been issued for this problem, should be resolved by Monday.

The UI element for the following step in the instructions was made unavailable:
3. Under Advanced settings, enable Treat application as a public client (select Yes).

As a temporary workaround:

  1. Go to the 'Manifest blade' in the App Registration for ProxyIdentityExperienceFramework
  2. Set the allowPublicClient value to "true"

@Negwood @MSRobert @vivaladan @AmitavaHazra Please see above.
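
The two settings raised in this thread (the `allowPublicClient` workaround and the delegated permissions on ProxyIdentityExperienceFramework) can be checked offline against an exported manifest. The following is an added example, not part of the original thread or of Microsoft's tooling; the function name, the sample manifest and its placeholder GUIDs are constructed, and the `requiredResourceAccess` field names are assumed from the app manifest format rather than taken from this page.

```python
import json

# Well-known appId of the Azure Active Directory Graph resource.
AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"


def check_proxy_manifest(manifest_text, ief_app_id):
    """Return findings for an exported ProxyIdentityExperienceFramework manifest.

    An empty list means both settings named in the thread are present.
    Admin consent is not stored in the manifest; confirm it in the portal.
    """
    manifest = json.loads(manifest_text)
    findings = []

    # Workaround from the thread: missing, null and false all fail.
    # Assumption: the manifest stores the flag as a JSON boolean.
    flag = manifest.get("allowPublicClient")
    if flag is not True:
        findings.append("allowPublicClient is %r, expected true" % (flag,))

    # Delegated ("Scope") permissions requested per resource application.
    delegated = {}
    for entry in manifest.get("requiredResourceAccess") or []:
        scopes = [a for a in entry.get("resourceAccess") or []
                  if a.get("type") == "Scope"]
        delegated[str(entry.get("resourceAppId", "")).lower()] = scopes
    for label, app_id in (("Azure Active Directory Graph", AAD_GRAPH_APP_ID),
                          ("IdentityExperienceFramework", ief_app_id)):
        if not delegated.get(app_id.lower()):
            findings.append("no delegated permission on %s" % label)
    return findings


# Constructed sample (placeholder GUIDs): permissions present, flag still null.
SAMPLE_IEF_APP_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_MANIFEST = json.dumps({
    "allowPublicClient": None,
    "requiredResourceAccess": [
        {"resourceAppId": AAD_GRAPH_APP_ID, "resourceAccess": [
            {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]},
        {"resourceAppId": SAMPLE_IEF_APP_ID, "resourceAccess": [
            {"id": "33333333-3333-3333-3333-333333333333", "type": "Scope"}]},
    ],
})

if __name__ == "__main__":
    for finding in check_proxy_manifest(SAMPLE_MANIFEST, SAMPLE_IEF_APP_ID):
        print(finding)
```

Pass the application (client) ID of your own IdentityExperienceFramework registration as `ief_app_id`; the check only confirms that permissions are requested, not that consent was granted.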
