Microsoft-authentication-library-for-dotnet: MsalServiceException - AADB2C90273

Created on 8 May 2019 · 26 Comments · Source: AzureAD/microsoft-authentication-library-for-dotnet

Version: MSAL 2.7.1
Platform: Xamarin Forms

What authentication flow has the issue?
Login to app with usage of authentication in AD B2C to get token

Please check those that apply

  • [ ] typo
  • [ ] documentation doesn't exist
  • [x] documentation needs clarification
  • [ ] needs example

Description Of The Issue
Getting MsalServiceException - AADB2C90273: An invalid response was received : 'Error: access_denied,Error Description: Permissions error'.
Thus, the user cannot get a valid token and log in to the app.
In addition, the error code is not described in the docs. Therefore, it is difficult to investigate a solution to the problem.

B2C external

All 26 comments

@valnav, can you please help?

@Skirtek have you tried with the latest version of msal (3.0.8)? We have had a few b2c fixes, which are in v3. If you need help updating, let us know.

@jennyf19 Thank you for your help! We can try to update MSAL to a newer version, but is there any reason why I'm getting this error? Any explanation in the docs?

@Skirtek are you still getting the error? Can you include the logs?

@jennyf19 I'm so sorry but I don't have any logs to attach. Could this problem be related to this https://github.com/IdentityServer/IdentityServer4/issues/1087?

@Skirtek : for B2C I highly recommend that you use SO adding tag: "azure-ad-b2c". Doing so will reach the people who can help answer specifics on the B2C service.

As we learn more from this case there will hopefully be a question/answer on SO that we can link to in our wiki as well as having the right amount of information available on docs.microsoft.com.

For us to be able to help troubleshooting you should provide:
Please attach logs (See more: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/logging)

Also, as MSAL 2.7 is not the latest version of the library we recommend that you try out the latest version which at the time of writing is 3.0.8.

@parakhj @valnav can you help on the error message

@Skirtek looks like there is a configuration issue. Do you have a correlation ID? Also, which IdP are you trying to access?

@henrik-me Thank you for your help. Surely I should update the MSAL version and add logging - it is a lesson for me :) I want to find out why this error occurred to fix it.

@jennyf19 Everything that I have about this error is this exception message:

Microsoft.Identity.Client.MsalServiceException: AADB2C90273: An invalid response was received : 'Error: access_denied,Error Description: Permissions error'
Correlation ID: 177b4006-cab1-4193-91fc-47f1d8bda89e
Timestamp: 2019-04-25 17:52:23Z

I don't know about the IdP because it can be either Facebook or Google. Probably Google.

@jennyf19 To be more accurate, it happened 4 independent times (at different time intervals) and I was not able to reproduce this by using the Login/Register policy in the app.

@Skirtek : Did you open an issue on SO with the tag mentioned above? As mentioned, we don't own the service thus the right place to ask for what a given error message means is to reach out to them on SO. Thanks.

Also using a later library and adding logs will help with continued investigations, thus even if we can't tell you what the exact error is it will help a lot to get these two things in place as that will give us some additional leads on what the root cause can be.

@parakhj @valnav : can you please help the B2C user here? That's not MSAL related ...

Sorry about not jumping on this thread earlier. I looked into the code briefly (will continue to look)... and the best I could glean is that it happens when there is an invalid response from an external OAuth2 provider.

Can you tell me your scenario - is this a local user or social or something else?

@valnav it's w/Google as the IdP....could you look up the correlation id? I lost access and have to apply again :/

@Skirtek Could you enable logs and include those? @valnav is not finding anything with the correlation id you provided above. Thanks.

I just saw the date: it was 4-25, which is more than a month old, and we have logs for only 30 days.

@valnav Thank you for your reply. I'm pretty sure that it is a social user, very likely a Google account.

@valnav "Luckily" it happened again one day ago. Here is the full exception from AppCenter with the correlation ID. Thanks in advance for your investigation :)

Microsoft.Identity.Client.MsalServiceException: AADB2C90273: An invalid response was received : 'Error: access_denied,Error Description: Permissions error'
Correlation ID: 94a8dd77-2c06-46ad-b9f3-860c45ccdbcf
Timestamp: 2019-05-30 10:54:27Z
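
Added example, not part of the original thread and not MSAL or B2C code: a small triage script over the exception text a crash reporter captures. It extracts the B2C error code, the upstream error, the correlation ID and the timestamp, and flags whether the event is still inside the 30-day log window mentioned above. The sample input is constructed from the two exception messages quoted in this thread; the function name `triage` and the chosen "now" are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Retention figure stated in the thread ("we have logs only for 30 days").
RETENTION = timedelta(days=30)

# Constructed crash-report export built from the two exception texts quoted in this thread.
SAMPLE = """\
Microsoft.Identity.Client.MsalServiceException: AADB2C90273: An invalid response was received : 'Error: access_denied,Error Description: Permissions error'
Correlation ID: 177b4006-cab1-4193-91fc-47f1d8bda89e
Timestamp: 2019-04-25 17:52:23Z

Microsoft.Identity.Client.MsalServiceException: AADB2C90273: An invalid response was received : 'Error: access_denied,Error Description: Permissions error'
Correlation ID: 94a8dd77-2c06-46ad-b9f3-860c45ccdbcf
Timestamp: 2019-05-30 10:54:27Z
"""

HEAD = re.compile(r"MsalServiceException:\s*(AADB2C\d+):")
INNER = re.compile(r"'Error:\s*([^,']+),\s*Error Description:\s*([^']*)'")
CID = re.compile(r"Correlation ID:\s*([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})")
TS = re.compile(r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z")

def triage(text, now):
    """Return one dict per exception, newest first, noting if a service-side lookup is still possible."""
    rows = []
    # Split before each exception header so fields of one record never pair with another.
    for chunk in re.split(r"(?=Microsoft\.Identity\.Client\.MsalServiceException:)", text):
        head, cid, ts = HEAD.search(chunk), CID.search(chunk), TS.search(chunk)
        if not (head and ts):
            continue  # not an exception record, or no timestamp to reason about
        inner = INNER.search(chunk)
        when = datetime.strptime(ts[1], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        age = now - when
        rows.append({
            "code": head[1],
            "idp_error": inner[1].strip() if inner else None,
            "idp_description": inner[2].strip() if inner else None,
            "correlation_id": cid[1].lower() if cid else None,
            "timestamp": when,
            "age_days": age.days,
            # Without a correlation ID, or past retention, there is nothing to look up.
            "lookup_possible": bool(cid) and timedelta(0) <= age <= RETENTION,
        })
    return sorted(rows, key=lambda r: r["timestamp"], reverse=True)

if __name__ == "__main__":
    # Assumed "now": the day after the second occurrence reported in the thread.
    for r in triage(SAMPLE, datetime(2019, 5, 31, 12, 0, tzinfo=timezone.utc)):
        print(r["correlation_id"], r["code"], r["idp_error"], r["age_days"], r["lookup_possible"])
```

Running it over a crash-report export before filing an issue shows which correlation IDs are still worth sending.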

@Skirtek thanks for sharing that. Just to make sure I understand.
You are using App Center Auth;
the social login the logs say is from Facebook.
Can you confirm if you are using the Authorization Grant code flow? If so, the code is null
OR
if not, the CSRF token is null.

@valnav It is surprising information for me, thank you! Yes, we are using Authorization Grant code flow.

@Skirtek Do you have access to the MSAL code or are you using it through App Center? If so, which platform are you using (Android or iOS)?

@jennyf19 This exception message came from our AppCenter crash monitoring. We are using both platforms and the exception appeared for users on both platforms.

@Skirtek Did you use the MSAL auth component that comes w/AppCenter or did you include MSAL separately? Asking because AppCenter uses our native Android and Obj-C library, and want to find the right place to get your question answered, unless you are including MSAL separately and using the .NET library. If using MSAL.NET, can you enable logging and send us the results from a failed test? thanks.

@jennyf19 Sorry for the misunderstanding! Yes, we are using the MSAL library from NuGet. We have a task to enable logging from MSAL, but it does not depend on me when we will do it :(

@Skirtek Awesome, thanks for clarifying. Having MSAL logs would be helpful, but do you have AppCenter logs that can be shared from a failed case? You can email them too.

@Skirtek any update on this?

Closing. Please open if you still need our help.
