Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following errors can be returned by the Azure Active Directory B2C service.
| Error code | Message | Notes |
|---|---|---|
AADB2C90001 |
This user already exists, and profile '{0}' does not allow the same user to be created again. | Sign-up flow |
AADB2C90002 |
The CORS resource '{0}' returned a 404 not found. | Hosting the page content |
AADB2C90006 |
The redirect URI '{0}' provided in the request is not registered for the client ID '{1}'. | Register a web application, Sending authentication requests |
AADB2C90007 |
The application associated with client ID '{0}' has no registered redirect URIs. | Register a web application, Sending authentication requests |
AADB2C90008 |
The request does not contain a client ID parameter. | Sending authentication requests |
AADB2C90010 |
The request does not contain a scope parameter. | Sending authentication requests |
AADB2C90011 |
The client ID '{0}' provided in the request does not match client ID '{1}' registered in policy. | |
AADB2C90012 |
The scope '{0}' provided in request is not supported. | Register web API and configure scopes, Sending authentication requests |
AADB2C90013 |
The requested response type '{0}' provided in the request is not supported. | Web sign-in with OpenID Connect |
AADB2C90014 |
The requested response mode '{0}' provided in the request is not supported. | Sending authentication requests |
AADB2C90016 |
The requested client assertion type '{0}' does not match the expected type '{1}'. | deprecated |
AADB2C90017 |
The client assertion provided in the request is invalid: {0} | deprecated |
AADB2C90018 |
The client ID '{0}' specified in the request is not registered in tenant '{1}'. | Register a web application, Sending authentication requests |
AADB2C90019 |
The key container with ID '{0}' in tenant '{1}' does not have a valid key. Reason: {2}. | |
AADB2C90021 |
The technical profile '{0}' does not exist in the policy '{1}' of tenant '{2}'. | |
AADB2C90022 |
Unable to return metadata for the policy '{0}' in tenant '{1}'. | Share the application's metadata publicly |
AADB2C90023 |
Profile '{0}' does not contain the required metadata key '{1}'. | |
AADB2C90025 |
Profile '{0}' in policy '{1}' in tenant '{2}' does not contain the required cryptographic key '{3}'. | |
AADB2C90027 |
Basic credentials specified for '{0}' are invalid. Check that the credentials are correct and that access has been granted by the resource. | HTTP basic authentication |
AADB2C90028 |
Client certificate specified for '{0}' is invalid. Check that the certificate is correct, contains a private key and that access has been granted by the resource. | HTTPS client certificate authentication |
AADB2C90031 |
Policy '{0}' does not specify a default user journey. Ensure that the policy or it's parents specify a default user journey as part of a relying party section. | Default user journey |
AADB2C90035 |
The service is temporarily unavailable. Please retry after a few minutes. | |
AADB2C90036 |
The request does not contain a URI to redirect the user to post logout. Specify a URI in the post_logout_redirect_uri parameter field. | Send a sign-out request |
AADB2C90037 |
An error occurred while processing the request. Please locate the CorrelationId from the response. |
Submit a new support request, and include the CorrelationId. |
AADB2C90039 |
The request contains a client assertion, but the provided policy '{0}' in tenant '{1}' is missing a client_secret in RelyingPartyPolicy. | deprecated |
AADB2C90040 |
User journey '{0}' does not contain a send claims step. | User journey orchestration steps |
AADB2C90043 |
The prompt included in the request contains invalid values. Expected 'none', 'login', 'consent' or 'select_account'. | |
AADB2C90044 |
The claim '{0}' is not supported by the claim resolver '{1}'. | Claim resolvers |
AADB2C90046 |
We are having trouble loading your current state. You might want to try starting your session over from the beginning. | |
AADB2C90047 |
The resource '{0}' contains script errors preventing it from being loaded. | Configure CORS |
AADB2C90048 |
An unhandled exception has occurred on the server. | |
AADB2C90051 |
No suitable claims providers were found. | |
AADB2C90052 |
Invalid username or password. | |
AADB2C90053 |
A user with the specified credential could not be found. | |
AADB2C90054 |
Invalid username or password. | |
AADB2C90055 |
The scope '{0}' provided in request must specify a resource, such as 'https://example.com/calendar.read'. | Web API application |
AADB2C90057 |
The provided application is not configured to allow the OAuth Implicit flow. | Enable the implicit grant flow, Single-page sign in using the OAuth 2.0 implicit flow |
AADB2C90058 |
The provided application is not configured to allow public clients. | Register application as a public client |
AADB2C99059 |
The supplied request must present a code_challenge. Required for single-page apps using the authorization code flow. | Authorization code flow |
AADB2C90067 |
The post logout redirect URI '{0}' has an invalid format. Specify an https based URL such as 'https://example.com/return' or for native clients use the IETF native client URI 'urn:ietf:wg:oauth:2.0:oob'. | Send a sign-out request |
AADB2C90068 |
The provided application with ID '{0}' is not valid against this service. Please use an application created via the B2C portal and try again. | Register a web application in Azure AD B2C |
AADB2C90073 |
KeyContainer with 'id': '{0}' cannot be found in the directory '{1}' | |
AADB2C90075 |
The claims exchange '{0}' specified in step '{1}' returned HTTP error response with Code '{2}' and Reason '{3}'. | |
AADB2C90077 |
User does not have an existing session and request prompt parameter has a value of '{0}'. | |
AADB2C90079 |
Clients must send a client_secret when redeeming a confidential grant. | Create a web app client secret |
AADB2C90080 |
The provided grant has expired. Please re-authenticate and try again. Current time: {0}, Grant issued time: {1}, Grant sliding window expiration time: {2}. | Token lifetime behavior |
AADB2C90081 |
The specified client_secret does not match the expected value for this client. Please correct the client_secret and try again. | Sending authentication requests |
AADB2C90083 |
The request is missing required parameter: {0}. | Sending authentication requests |
AADB2C90084 |
Public clients should not send a client_secret when redeeming a publicly acquired grant. | Test the ROPC flow |
AADB2C90085 |
The service has encountered an internal error. Please reauthenticate and try again. | |
AADB2C90086 |
The supplied grant_type [{0}] is not supported. | Sending authentication requests |
AADB2C90087 |
The provided grant has not been issued for this version of the protocol endpoint. | |
AADB2C90088 |
The provided grant has not been issued for this endpoint. Actual Value : {0} and Expected Value : {1} | |
AADB2C90091 |
User cancellation. | User canceled the operation |
AADB2C90092 |
The provided application with ID '{0}' is disabled for the tenant '{1}'. Please enable the application and try again. | |
AADB2C90107 |
The application with ID '{0}' cannot get an ID token either because the openid scope was not provided in the request or the application is not authorized for it. | Sending authentication requests |
AADB2C90108 |
The orchestration step '{0}' does not specify a CpimIssuerTechnicalProfileReferenceId when one was expected. | User journeys |
AADB2C90110 |
The scope parameter must include 'openid' when requesting a response_type that includes 'id_token'. | Sending authentication requests |
AADB2C90111 |
Your account has been locked. Contact your support person to unlock it, then try again. | Mitigate credential attacks |
AADB2C90114 |
Your account is temporarily locked to prevent unauthorized use. Try again later. | Mitigate credential attacks |
AADB2C90115 |
When requesting the 'code' response_type, the scope parameter must include a resource or client ID for access tokens, and 'openid' for ID tokens. Additionally include 'offline_access' for refresh tokens. | Sending authentication requests |
AADB2C90117 |
The scope '{0}' provided in the request is not supported. | Sending authentication requests |
AADB2C90118 |
The user has forgotten their password. | Password reset error |
AADB2C90120 |
The max age parameter '{0}' specified in the request is invalid. Max age must be an integer between '{1}' and '{2}' inclusive. | |
AADB2C90122 |
Input for '{0}' received in the request has failed HTTP request validation. Ensure that the input does not contain characters such as < or &. | |
AADB2C90128 |
The account associated with this grant no longer exists. Please reauthenticate and try again. | |
AADB2C90129 |
The provided grant has been revoked. Please reauthenticate and try again. | |
AADB2C90145 |
No unverified phone numbers have been found and policy does not allow a user entered number. | |
AADB2C90146 |
The scope '{0}' provided in request specifies more than one resource for an access token, which is not supported. | |
AADB2C90149 |
Script '{0}' failed to load. | |
AADB2C90151 |
User has exceeded the maximum number for retries for multifactor authentication. | |
AADB2C90152 |
A multi-factor poll request failed to get a response from the service. | |
AADB2C90154 |
A multi-factor verification request failed to get a session ID from the service. | |
AADB2C90155 |
A multi-factor verification request has failed with reason '{0}'. | |
AADB2C90156 |
A multi-factor validation request has failed with reason '{0}'. | |
AADB2C90157 |
User has exceeded the maximum number for retries for a self-asserted step. | |
AADB2C90158 |
A self-asserted validation request has failed with reason '{0}'. | |
AADB2C90159 |
A self-asserted verification request has failed with reason '{0}'. | |
AADB2C90161 |
A self-asserted send response has failed with reason '{0}'. | |
AADB2C90165 |
The SAML initiating message with ID '{0}' cannot be found in state. | |
AADB2C90168 |
The HTTP-Redirect request does not contain the required parameter '{0}' for a signed request. | |
AADB2C90178 |
The signing certificate '{0}' has no private key. | |
AADB2C90182 |
The supplied code_verifier does not match associated code_challenge | |
AADB2C90183 |
The supplied code_verifier is invalid | |
AADB2C90184 |
The supplied code_challenge_method is not supported. Supported values are plain or S256 | |
AADB2C90188 |
The SAML technical profile '{0}' specifies a PartnerEntity URL of '{1}', but fetching the metadata fails with reason '{2}'. | Share the application's metadata publicly |
AADB2C90194 |
Claim '{0}' specified for the bearer token is not present in the available claims. Available claims '{1}'. | OAuth2 bearer authentication |
AADB2C90205 |
This application does not have sufficient permissions against this web resource to perform the operation. | Register web API and configure scopes |
AADB2C90206 |
A time out has occurred initialization the client. | |
AADB2C90208 |
The provided id_token_hint parameter is expired. Please provide another token and try again. | Token format |
AADB2C90209 |
The provided id_token_hint parameter does not contain an accepted audience. Valid audience values: '{0}'. Please provide another token and try again. | Token format |
AADB2C90210 |
The provided id_token_hint parameter could not be validated. Please provide another token and try again. | Token format, Issue a token with symmetric keys |
AADB2C90211 |
The request contained an incomplete state cookie. | |
AADB2C90212 |
The request contained an invalid state cookie. | |
AADB2C90220 |
The key container in tenant '{0}' with storage identifier '{1}' exists but does not contain a valid certificate. The certificate might be expired or your certificate might become active in the future (nbf). | Policy keys in Azure AD B2C |
AADB2C90223 |
An error has occurred sanitizing the CORS resource. | |
AADB2C90224 |
Resource owner flow has not been enabled for the application. | Register a ROPC flow enabled application |
AADB2C90225 |
The username or password provided in the request are invalid. | |
AADB2C90226 |
The specified token exchange is only supported over HTTP POST. | Token format |
AADB2C90232 |
The provided id_token_hint parameter does not contain an accepted issuer. Valid issuers: '{0}'. Please provide another token and try again. | |
AADB2C90233 |
The provided id_token_hint parameter failed signature validation. Please provide another token and try again. | Issue a token with symmetric keys |
AADB2C90235 |
The provided id_token is expired. Please provide another token and try again. | Token format |
AADB2C90237 |
The provided id_token does not contain a valid audience. Valid audience values: '{0}'. Please provide another token and try again. | Token format |
AADB2C90238 |
The provided id_token does not contain a valid issuer. Valid issuer values: '{0}'. Please provide another token and try again. | Token format |
AADB2C90239 |
The provided id_token failed signature validation. Please provide another token and try again. | Issue a token with symmetric keys |
AADB2C90240 |
The provided id_token is malformed and could not be parsed. Please provide another token and try again. | Issue a token with symmetric keys |
AADB2C90242 |
The SAML technical profile '{0}' specifies PartnerEntity CDATA which cannot be loaded for reason '{1}'. | Configure the SAML technical profile |
AADB2C90243 |
The IDP's client key/secret is not properly configured. | Add an IDP to your Azure AD B2C tenant |
AADB2C90244 |
There are too many requests at this moment. Please wait for some time and try again. | Azure AD B2C service limits and restrictions |
AADB2C90248 |
Resource owner flow can only be used by applications created through the B2C admin portal. | Register a ROPC flow enabled application |
AADB2C90250 |
The generic login endpoint is not supported. | Supported and unsupported SAML modalities |
AADB2C90255 |
The claims exchange specified in technical profile '{0}' did not complete as expected. You might want to try starting your session over from the beginning. | |
AADB2C90261 |
The claims exchange '{0}' specified in step '{1}' returned HTTP error response that could not be parsed. | |
AADB2C90272 |
The id_token_hint parameter has not been specified in the request. Please provide token and try again. | Issue a token with symmetric keys |
AADB2C90273 |
An invalid response was received : '{0}' | |
AADB2C90274 |
The provider metadata does not specify a single logout service or the endpoint binding is not one of 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' or 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'. | Share the application's metadata publicly |
AADB2C90276 |
The request is not consistent with the control setting '{0}': '{1}' in technicalProfile '{2}' for policy '{3}' tenant '{4}'. | |
AADB2C90277 |
The orchestration step '{0}' of user journey '{1}' of policy '{2}' does not contain a content definition reference. | Content definitions |
AADB2C90279 |
The provided client ID '{0}' does not match the client ID that issued the grant. | Web sign-in with OpenID Connect |
AADB2C90284 |
The application with identifier '{0}' has not been granted consent and is unable to be used for local accounts. | Register a web application in Azure AD B2C |
AADB2C90285 |
The application with identifier '{0}' was not found. | Register a web application in Azure AD B2C |
AADB2C90288 |
UserJourney with ID '{0}' referenced in TechnicalProfile '{1}' for refresh token redemption for tenant '{2}' does not exist in policy '{3}' or any of its base policies. | |
AADB2C90287 |
The request contains invalid redirect URI '{0}'. | Register a web application, Sending authentication requests |
AADB2C90289 |
We encountered an error connecting to the identity provider. Please try again later. | Add an IDP to your Azure AD B2C tenant |
AADB2C90289 |
We encountered an 'invalid_client' error connecting to the identity provider. Please try again later. | Make sure the application secret is correct or it hasn't expired. Learn how to Register apps. |
AADB2C90296 |
Application has not been configured correctly. Please contact administrator of the site you are trying to access. | Register a web application |
AADB2C99005 |
The request contains an invalid scope parameter which includes an illegal character '{0}'. | Web sign-in with OpenID Connect |
AADB2C99006 |
Azure AD B2C cannot find the extensions app with app ID '{0}'. Please visit https://go.microsoft.com/fwlink/?linkid=851224 for more information. | Azure AD B2C extensions app |
AADB2C99011 |
The metadata value '{0}' has not been specified in TechnicalProfile '{1}' in policy '{2}'. | Custom policy Technical profiles |
AADB2C99013 |
The supplied grant_type [{0}] and token_type [{1}] combination is not supported. | |
AADB2C99015 |
Profile '{0}' in policy '{1}' in tenant '{2}' is missing all InputClaims required for resource owner password credential flow. | Create a resource owner policy |
AADB2C99002 |
User doesn't exist. Please sign up before you can sign in. | |
AADB2C99027 |
Policy '{0}' does not contain an AuthorizationTechnicalProfile with a corresponding ClientAssertionType. | Client credentials flow |
AADB2C90229 |
Azure AD B2C throttled traffic if too many requests are sent from the same source in a short period of time | Best practices for Azure Active Directory B2C |