This repository was archived by the owner on Sep 22, 2023. It is now read-only.

Error using Get-MsalToken with Azure B2C Instance & custom policy #40

@Venu-prahalad


Hi,
I have a B2C instance set up with a custom sign-in policy, and I am using the Identity Experience Framework. I am trying to authenticate the user and obtain tokens via an interactive experience. I gave it a try with the code below.

```powershell
$ex = @{}
$ex.Add('domain_hint','myb2c.onmicrosoft.com')

$connectionDetails = @{
    'ClientId'             = '5ee249ec-d5d2-43d1-9dfb-xxx911d98073'
    'Interactive'          = $true
    'Scopes'               = 'https://myb2c.onmicrosoft.com/xxxf401c-5e10-4977-b70b-721a17596de7/AllAccess'
    'authority'            = 'https://myb2c.onmicrosoft.com/myb2c.onmicrosoft.com/B2C_1A_signup_signin/oauth2/v2.0/authorize'
    'LoginHint'            = '[email protected]'
    'ExtraQueryParameters' = $ex
}

$token = Get-MsalToken @connectionDetails
Write-Host $token
```

However, I got the error below:

```
Get-MsalToken : AADSTS50049: Unknown or invalid instance.
Trace ID: a01dbd69-ff03-413f-ad2e-1723f3997500
Correlation ID: 28db52d5-0ef8-4056-b5dd-61410826de9e
Timestamp: 2021-09-27 13:25:32Z
At C:\temp\Untitled2.ps1:17 char:10
$token = Get-MsalToken @connectionDetails
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : AuthenticationError: (Microsoft.Ident...arameterBuilder:AcquireTokenInteractiveParameterBuilder) [Write-Error], MsalServiceException
FullyQualifiedErrorId : GetMsalTokenFailureAuthenticationError,Get-MsalToken
```

Is this flow supported? If so, could anybody please help me with this? If there are any examples along these lines, it would be great. I am using the latest 4.36 version of MSAL.PS.

Update: If I change the authority URL to 'https://myb2c.onmicrosoft.com/tfp/467xxx97-0c7c-4648-9569-75e51a9967d5/B2C_1A_signup_signin', I get the error below:

```
Get-MsalToken : A authority of type Aad was used at the application and of type B2C at the request level. Please use the same authority type between the two.
At C:\temp\Untitled2.ps1:17 char:10
$token = Get-MsalToken @connectionDetails

CategoryInfo          : AuthenticationError: (Microsoft.Ident...arameterBuilder:AcquireTokenInteractiveParameterBuilder) [Write-Error], MsalClientException
FullyQualifiedErrorId : GetMsalTokenFailureAuthenticationError,Get-MsalToken
```
