How to bundle consent

You have a custom client and a custom API. There is an application registration in Azure AD for each of these apps, one for the custom client, and one for the custom API. You want your users to be able to bundle the consent for these apps. You might see one of the following errors… Step 1: Configure knownClientApplications for the API app registration First, you will need to add…

Read More

The identity of the calling application could not be established

You are getting the following error from Microsoft Graph or downstream services that uses Microsoft Graph… The identity of the calling application could not be established This error is thrown because the “oid” and “sub” claim is missing from the access token. This is because the servicePrincipal does not exist in the tenant or the tenant is not aware of the application. Partner Scenario If this is a Partner application,…

Read More

How to Resolve IDX10501 Errors in a B2C Microsoft.Identity.Web Application

Consider the situation where you are developing an ASP.NET Core application that needs to support Azure B2C. Following the official Microsoft Document, you implement the Microsoft.Identity.Web library and three built-in User Flows. All is working well, but you also need to implement a Custom Policy. You find the following documentation which shows how to make a request with the B2C policy specified: https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application-options#pass-the-azure-ad-b2c-policy-id You try to implement this guidance. Everything…

Read More

Revoke Admin Consent for a delegated permission on a Service Principal with the MS Graph PowerShell SDK

Scenario: You use the Microsoft Graph Explorer tool to test a query. It requires you to consent to a permission so you use your admin account to do this. However, you click the check box to consent for the entire organization… woops! You did not mean to give everyone permissions for “AuditLog.Read.All” so now you need to revoke this permission. The easiest way to revoke consent is to just delete…

Read More

How to Solve Failed Authentication After Publishing App to Google Play Store

Issue Description You successfully implemented Azure AD Authentication in your Android app with the Microsoft Authentication Library. The application built and executed perfectly and passed all QA testing with flying colors. And then you published the application on Google Play. And authentication doesn’t work after installing the app. If you exposed authentication error messages to the user, or had them sent to your team, then you might see an error…

Read More

Troubleshooting Signature validation errors

These signature validation errors are caused when the resource provider (not Azure AD) is unable to validate the signature of the token, either because the signing key could not be found or the signing key used was not able to validate the signature. This article will describe the most common scenarios and solutions. The concept and root cause is still the same and will continue to apply. Unfortunately, many developers…

Read More

Retry Invoke-RestMethod requests in PowerShell when an error occurs

In this blog post, I will show you how you can trap a specific type of error when making a graph request using the Invoke-RestMethod commandlet and pause and retry the request x number of times before quitting. This is very helpful and is actually recommended to do error handling when making requests to Microsoft Graph. The key here is to set the Url that you’re going to be calling…

Read More

Capture http(s) traffic with Http Fiddler

1 – Download the Fiddler 4 application and install it on the machine used to reproduce the problem (if you have not already).  Go to http://www.telerik.com/download/fiddler 2 – Enable the option to  decrypt HTTPS traffic: Tools -> Options -> Https -> select ‘decrypt HTTPS Traffic’ (you may be prompted to install the Fiddler certificate – make sure to select Yes) Ensure this option is checked when collecting the trace as…

Read More