-
Notifications
You must be signed in to change notification settings - Fork 21.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error "unauthorized_client" when using Microsoft as authentication provider #37847
Comments
Thanks for the feedback! We are currently investigating and will update you shortly. |
@saikumaru I was able to reproduce your issue. I have assigned the issue to the content author as we investigate further so that we can correct the document as appropriate. |
@RyanHill-MSFT I'm experiencing the same problem. Please let me know as well when the document is corrected. Thanks |
I am experiencing the same issue as well. |
Looking forward for the fix |
Question. Are you configuring If you are using If your AD application is properly configured, it should show the following. I think our documentation might not be up to date with the identity flow. Please tell me what works so that I can do a PR on the docs. |
Anyone find a fix for this yet? I'm getting the same error in November 2019. |
yep same here, my app was working just fine till November 2019 |
I'll follow up with the team and post any updates. |
On my end, i created new app and followed their PHP tutorial, all works. Repo is here if you want to try it: |
I ended up deleting the app registration and recreating all the settings ensuring to select on the supported account types the multi-tenant account types & personal Microsoft accounts (as this option was missing in my last app registration and I couldn't select it). Then it worked! |
It didn't work after second attempt @mattchenderson @RyanHill-MSFT here are some findings so far:
Sample output:
|
when I select organizational accounts - this doesn't work and return the error described above. unauthorized_client: The client does not exist or is not enabled for consumers. when i select multi-tenant+personal windows accounts - it auto-selects my windows account, and doesn't let me select. i have both, live and aad org accounts - i can't use the org account? what if i want to use multiple aad tenants? this should be easier. |
Getting the same error here. any update on this issue? |
@RyanHill-MSFT turned out to be the supported account type was not set to any directory. it works now. thx |
Thanks for letting us know @koo9. Feel free to reopen this thread if the updated doc doesn't help. |
I was getting the same exact error while using this Microsoft Graph Official Tutorial. After deleting the previous |
I was getting the same error but on my side i have fixed this by correcting the app id in config json files. |
Specifying the tenant Id of the organization instead of default value "common" worked fro me. |
@Satyala Where do you do that? |
@gregorvilkner Hi Gregor! I am having the same issue as you i.e. when I allow multi-tenant+personal windows accounts, I can't select the right account and when I limit it to my organization, I get "unauthorized client". Were you able to get around this problem? I found limited success by using "OpenID Connect" as the provider instead of "Microsoft". That lets me login using my organization account but I'm stuck with AADB2C90238, which I'm assuming has to do with incorrect mapping of the fields. I'm using the following configuration:
Update: I have managed to get it working by following the instructions here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant |
@pravindahal yes: I don't allow windows personal accounts ;) |
I haven't had any luck using my own client id. I noticed the following message: https://docs.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview I know this is a new constraint. I think prior to this most problems were a result of the wrong account type being selected. |
My issue was that I used the Client secret ID instead of 'Application (client) ID'. |
Exactly same here.. A warning message should be added besides the secret ID, most of OAuth developers will assume the client ID and client secret are besides each other. |
Same here, a thousand thanks to you |
Same here, thanks a bunch. |
Wasn't the case for me, for I triple checked that all my IDs were correct... |
In my case, I was working on a single-tenant app and forgot to include MICROSOFT_AUTH_TENANT_ID in settings (Django). |
Me too, it would be helpful if the docs were more consistent with naming, but then there are so many docs doing so would take a small army. |
Thanks @nin-o 🚀 |
Thank's @nin-o |
I can't believe this was the issue... thank you @nin-o |
Still getting this error, even with the steps provided. I am following a guide on setting up a fileshare with onedrive, found here |
well I've got this issue when trying to login in personal teams account on android device :) |
I am setting up my app and AD as per the steps provided, but when the web app link is entered I get the below error on the browser, instead of taking me to the Login screen.
We're unable to complete your request unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
Moreover this topic also doesn't mention what is the relevant "Supported account types" that is to be selected while building the AD app.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: