stackoom
  简体   繁体   中英

Azure AD error while parsing OAuth2 callback: invalid_client

 原文  2022-04-06 12:12:41       azure/ azure-active-directory

Question

I have an application registered in Azure AD using https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app When trying to login to my app to connect to Microsoft Login. I am getting invalid client error. In logs I seen following error.

error=invalid_client&error_description="AADSTS650052 The app needs access to a service (https://aks-aad-server.azure.com) that your organization xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions"

Note: I have Microsoft Office 365 standard subscription plan,

2 answers

solution1
 0  2022-04-07 06:52:29

AADSTS650052 The app needs access to a service ( https://aks-aad-server.azure.com ) that your organization xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions

To resolve the above error, please check the below workarounds

  • While registering the application in Azure AD, check the supported account type you have selected

  • If you selected “single tenant” you can't login to your application
    from different tenant

  • To access your application from different tenant update supported
    account type to “multi-tenant”

To know how to do that in detail refer this link:

https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-registration-to-be-multi-tenant

  • After registering the application, navigate to Exposing an API and set App ID URI and Add required scopes such as read, user impersonation etc.

  • Add Client ID of your Application to knownClientApplications parameter in the Manifest

Your admin needs to accept the consent prompt to access this application use the below URL by updating the ClientID parameter with your application client-id

https://login.microsoftonline.com/common/oauth2/authorize?client_id=1a8e25b8-xxxx-xxxx-xxxx-xxxxxxxxxxxx&prompt=admin_consent&response_type=code

When your admin granted those permission, you can login to your application successfully

Reference:

https://learn.microsoft.com/en-us/answers/questions/28697/invalid-client-aadsts650052-the-app-needs-access-t.html

solution2
 0 ACCPTED  2022-04-08 09:48:10

Found the wrong scope in the oauth2-proxy configuration which sending incorrect request to azure and after updating the scope to correct the issue is resolved.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Apple Sign in getting error "Invalid_client" firebase android AWS cognito ASP.NET Core MVC throws 'invalid_client' invalid_client when requesting Amazon Cognito token with code from java spring back end Sending emails between accounts using Microsoft Graph using Azure AD produces invalid IP error oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT 405 method not allowed error in AWS Cognito oauth2/token endpoint Can OAuth2 be used in Google Cloud Client Libraries? Firebase Cloud messaging : app/invalid-credential - failed to fetch a valid Google OAuth2 access token Google OAuth 2.0 failing with Error 400: invalid_request for some client_id, Can't Sign in because 'App' sent an invalid request How can I tell when a Azure AD client secret expires?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM