Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

MsalServiceException AADSTS50049 when targeting B2C

See original GitHub issue

I just migrated our code to MSAL 2.2.0 and also changed to use the b2clogin.com domain instead of the login.microsoft.com domain we were using before.

I cannot seem to figure out how to construct the correct authority string. Here is what my code currently looks like:

private const string mTenant = "ideliverableb2c.onmicrosoft.com";
private const string mClientId = "d77e...caa6"; // Obfuscated here
private const string mSignInPolicyName = "B2C_1_si";

private PublicClientApplication mClientApplication =
    new PublicClientApplication(mClientId, authority: $"https://ideliverableb2c.b2clogin.com/tfp/{mTenant}/{mSignInPolicyName}")
    {
        RedirectUri = $"msal-{mClientId}://auth",
        ValidateAuthority = false
    };

I have tried various different ways to format the authority string, but no matter what I do I get the same exception when I call mClientApplication.AcquireTokenAsync():

Microsoft.Identity.Client.MsalServiceException: AADSTS50049: Unknown or invalid instance.

Response body:

{
    "error":"invalid_instance",
    "error_description":"AADSTS50049: Unknown or invalid instance.\r\nTrace ID: 6b61d006-7a2a-4b7e-b497-3cd6d9dc3800\r\nCorrelation ID: 78054f61-e0a9-4685-b761-64bc728ff90d\r\nTimestamp: 2018-10-09 19:28:23Z",
    "error_codes":[50049],
    "timestamp":"2018-10-09 19:28:23Z",
    "trace_id":"6b61d006-7a2a-4b7e-b497-3cd6d9dc3800",
    "correlation_id":"78054f61-e0a9-4685-b761-64bc728ff90d"
}

What am I doing wrong here?

Issue Analytics

State:
Created 5 years ago
Comments:27 (4 by maintainers)

Top GitHub Comments

5reactions

lybaxcommented, Feb 19, 2019

It is also useful to specify that the Authority url should be like :

https://TENANT.b2clogin.com/tfp/TENANT.onmicrosoft.com/POLICY/v2.0/.well-known/openid-configuration

(never properly mentioned in any documentation)

1reaction

yodiescommented, Jan 12, 2020

WithAuthority now has an overload of sorts, WithB2CAuthority. While I was using a properly-formatted authority (https://TENANT.b2clogin.com/tfp/TENANT.onmicrosoft.com/POLICY/), I continued to get the error:

"B2C 'authority' Uri should have at least 3 segments in the path (i.e. https://<host>/tfp/<tenant>/<policy>/...)"

Thankfully, the sample here showed the overload. Once I started using it, I was able to get connected.

Top Results From Across the Web

AADSTS50049 Invalid instance error for b2c login

Hi,. I'm getting an error while making a authentication call to B2C. URL is appearing in the format as below:

Configuring Azure AD B2C ApiScopes and ApiUrl

1 Answer. If you are using the your-tenant-name.b2clogin.com domain with MSAL, then (at the time of this writing) you must: Ensure Authority ...

Azure AD B2C: : Error: "AADSTS50049: Unknown or invalid ...

I'm trying to adapt the new b2clogin.com before login.microsoftonline.com is deprecated but keep getting Error: "AADSTS50049: Unknown or invalid instance".

Untitled

Customize the look and feel of your Azure AD B2C page B2C Popup on iOS: "My ... مادة sodium hypochlorite MsalServiceException AADSTS50049 when...

ADAL to MSAL migration for the Azure AD B2C ...

ADAL to MSAL migration for the Azure AD B2C “B2CGraphClient” utility ... catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))