unsupported response type in oauth
Solution 1
According to the MSDN Documentation on AAD Auth Failures - Implicit OAuth is not enabled for the application, you need to set oauth2AllowImplicitFlow to true in the App Registration Manifest in the Azure Portal.
The Issue
When creating your app registration in AAD, you need to manually edit the application manifest and set the value of the oauth2AllowImplicitFlow property to true. Otherwise the AAD sign in flow will not work:
error "AADSTS70005: response_type 'token' is not supported for the application..."
The Solution
Follow these steps to solve this issue.
- Sign into portal.azure.com with an administrator account in your tenant.
- Navigate to Azure Active Directory in the left hand side bar > App registrations > Your app.
- Click Manifest at the top of the pane describing your app.
- Change the value of the property oauth2AllowImplicitFlow to true. If the property is not present, add it and set its value to true.
- Click "Save" to save the modified manifest.
Solution 2
Since you are using OAuth2 Implicit Grant flow to authenticate your application, you'll need to set the response type to id_token, token or id_token token instead of code.
You'll also need to set the "oauth2AllowImplicitFlow" value to true in the AAD application's manifest file.
Giridhar Joshi
Updated on June 04, 2022
Comments
- Giridhar Joshi almost 2 years
Hi, I am developing a web application in Angular 2. I have OAuth authentication in Web API. I am using Angular 2 in the front end. On login I am calling the code below.
private login() {
  this.oauthService.initImplicitFlow();
  this.oauthService.loginUrl = "https://login.microsoftonline.com/d35ba220-6896666-4acc-9899-dc75131c4fba/oauth2/authorize?resource=\"https://graph.windows.net/ \"& response_type=code";
  this.oauthService.redirectUri = "http://localhost:65298";
  this.oauthService.clientId = "<MY_CLIENT_ID>";
  this.oauthService.issuer = "https://login.microsoftonline.com/d35ba220-6749-4acc-578787-dc75131c4fba";
  this.oauthService.oidc = true;
  this.oauthService.setStorage(sessionStorage);
  this.oauthService.tryLogin({});
}
I am getting the error below.
http://localhost:65298/?error=unsupported_response_type&error_description=AADSTS70005%3a+ The+WS-Federation+sign-in+response+message+contains+an+unsupported+OAuth+parameter+value+in+the+encoded+wctx%3a+%27response_type%27%0d%0aTrace+ID%3a+65dc2592-4ba1-42f6-9f24-eba1c1894900%0d%0aCorrelation+ID%3a+6edaf003-3d26-434b-9b8a-88a267feb350%0d%0aTimestamp%3a+2018-01-17+09%3a09%3a39Z&state=9MnA2eD68aZtOvHSodIjX9IqA1NdSjslrnGaFAlL
Can someone help me to fix this?
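A small checker for the two causes named in the answers above (a response_type that is not an implicit grant value, and oauth2AllowImplicitFlow not set to true), plus a parser for the kind of error redirect shown in the question. This is an added example, not code from the original posts; the function names are hypothetical and the sample URLs are constructed with a placeholder tenant id.

```javascript
// Added example; function names are hypothetical, not part of any OAuth library or Azure AD.
const IMPLICIT_RESPONSE_TYPES = new Set(["id_token", "token", "id_token token"]);

// Compare an authorize URL with the app registration manifest for the implicit grant.
function diagnoseAuthorizeRequest(loginUrl, manifest) {
  const findings = [];
  const q = loginUrl.indexOf("?");
  const params = new URLSearchParams(q === -1 ? "" : loginUrl.slice(q + 1));
  let responseType = null;
  for (const [key, value] of params) {
    if (key !== key.trim()) findings.push(`whitespace around parameter name "${key}"`);
    if (/^".*"$/.test(value)) findings.push(`value of "${key.trim()}" is wrapped in quotes`);
    if (key.trim() === "response_type") responseType = value.trim();
  }
  if (responseType === null) {
    findings.push("response_type is missing");
  } else if (!IMPLICIT_RESPONSE_TYPES.has(responseType)) {
    findings.push(`response_type "${responseType}" is not an implicit grant value`);
  }
  if (manifest.oauth2AllowImplicitFlow !== true) {
    findings.push("oauth2AllowImplicitFlow is not true in the manifest");
  }
  return findings;
}

// Pull the OAuth error and the AADSTS code out of the redirect the browser lands on.
function parseAadErrorRedirect(redirectUrl) {
  const url = new URL(redirectUrl);
  // The error can arrive in the query string or in the fragment.
  const params = new URLSearchParams(url.search.length > 1 ? url.search : url.hash.slice(1));
  const description = params.get("error_description") || "";
  const match = description.match(/AADSTS\d+/);
  return { error: params.get("error"), aadCode: match ? match[0] : null, description };
}

// Constructed sample inputs (placeholder tenant id, shortened error message).
const badUrl = 'https://login.microsoftonline.com/<TENANT_ID>/oauth2/authorize?resource="https://graph.windows.net/ "& response_type=code';
const goodUrl = "https://login.microsoftonline.com/<TENANT_ID>/oauth2/authorize?resource=https%3A%2F%2Fgraph.windows.net%2F&response_type=id_token%20token";
const redirect = "http://localhost:65298/?error=unsupported_response_type&error_description=AADSTS70005%3a+response_type+%27token%27+is+not+supported+for+the+application&state=constructed";

console.log(diagnoseAuthorizeRequest(badUrl, { oauth2AllowImplicitFlow: false }));
console.log(diagnoseAuthorizeRequest(goodUrl, { oauth2AllowImplicitFlow: true }));
console.log(parseAadErrorRedirect(redirect));
```

The first call reports the quoted resource value, the stray space before response_type, the non-implicit response_type and the manifest setting; the second reports nothing.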