So after getting everything working by the book, I decided to break everything and see how much trouble I could get into by doing it from memory. Well trouble ahoy!

After working through all the issues that I ran into I decided to break down everything that needs to be created and how it all works. The below diagram should help illustrate this. It’s important to understand how this works. Otherwise, troubleshooting can be very frustrating.

Issue #1: Missing Redirect in AAD B2C App Registration

Ran into this weird issue after I deleted my original app registration to “start over”.

This was easily solved by adding my Redirect URI back in like this:

Select “add a platform”

Select “Mobile and Desktop applications”

Select the native client URI

This is what your configuration will look like now:

Issue #2: No AAD [Non-B2C] App Registration

Well, I no longer see the previous error, but now we have a new one:

It’s not super helpful, but it seemed somehow related to my B2C app. I thought it might be due to this flag not being set:

But even after enabling “public client flows” I still received that error.

When I looked at the manifest for my app registration, I noticed that implicit flow was disabled.

I thought this was strange so I tried downloading the Manifest, manually setting the implicit flow flags to true and re-uploading. This did not work so I reverted. It turns out, it was not related to my B2C app at all. I need to have an AAD app registration in my AAD tenant. So I had to switch directories and go back to my true AAD tenant and create a new app registration. Seems I missed this documentation.

Issue #3: Incorrectly configured AAD App Registration

After I set up the AAD app registration again and re-configured the Microsoft Accounts IdP, it worked. Kind of. I was able to log in, but I could not get a bearer token, so the authentication didn’t work all the way. Which, I guess, is kind of important.

AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.

Some internet strangers seemed to think it was 99% likely that my client secret was incorrect within my AAD application. But it turns out I had accidentally set up the AAD application with the “Mobile and Desktop applications” platform when it needed to be a Web platform: B2C talks to the Microsoft Account IdP as a confidential client (with the client secret) and expects a Web redirect back to its own endpoint, which a native-client registration doesn’t provide.
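Since all three issues come down to the two app registrations being in the wrong shape, here is a small audit script that checks a registration manifest for each of them. This is an added example, not code from the post. It assumes the Azure AD app-registration manifest field names `replyUrlsWithType` (entries with `url` and `type`, e.g. `Web` or `InstalledClient`) and `allowPublicClient`, the documented shape of the B2C federation redirect (`https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp`), and an `msal{client-id}://auth` style native-client redirect; the tenant name and client id are placeholders, and the sample manifests are constructed to reproduce the three issues above.

```python
"""Audit the two app registrations behind a B2C "Microsoft Account" IdP.

Constructed example, not code from the post. Field names follow the Azure AD
app-registration manifest as assumed in the lead-in; URL shapes are assumptions.
"""

# --- constructed placeholder values (not real tenants, apps or secrets) ---
B2C_TENANT = "contoso"
# Redirect that B2C registers with the external IdP when federating
# (documented shape, assumed here for the example).
B2C_AUTHRESP = (f"https://{B2C_TENANT}.b2clogin.com/"
                f"{B2C_TENANT}.onmicrosoft.com/oauth2/authresp")
# Native-client redirect offered by the "Mobile and desktop applications"
# platform; the client id is a placeholder.
NATIVE_REDIRECT = "msal00000000-0000-0000-0000-000000000000://auth"


def reply_urls(manifest, kind):
    """Return the set of reply URLs registered for one platform type."""
    return {e["url"] for e in manifest.get("replyUrlsWithType", [])
            if e.get("type") == kind}


def audit_b2c_app(manifest):
    """Issue #1: the B2C-tenant registration must expose the native redirect."""
    findings = []
    if NATIVE_REDIRECT not in reply_urls(manifest, "InstalledClient"):
        findings.append("B2C app: native client redirect URI missing "
                        "(add the 'Mobile and desktop applications' platform)")
    return findings


def audit_aad_idp_app(manifest):
    """Issues #2 and #3: the AAD-tenant registration that backs the IdP."""
    if manifest is None:
        return ["AAD app: no app registration exists in the AAD tenant"]
    findings = []
    if B2C_AUTHRESP not in reply_urls(manifest, "Web"):
        findings.append("AAD app: no Web redirect to the B2C authresp endpoint "
                        "(platform must be Web, not Mobile and desktop)")
    if manifest.get("allowPublicClient"):
        findings.append("AAD app: configured as a public client; the IdP "
                        "authenticates with a client secret, so it must be a "
                        "confidential (Web) client")
    return findings


def audit(b2c_manifest, aad_manifest):
    """Run both audits; an empty list means the pair is configured correctly."""
    return audit_b2c_app(b2c_manifest) + audit_aad_idp_app(aad_manifest)


# Constructed manifests reproducing the post's three issues and the fixed state.
B2C_APP_BROKEN = {"displayName": "b2c-client", "replyUrlsWithType": []}
B2C_APP_FIXED = {"displayName": "b2c-client",
                 "replyUrlsWithType": [{"url": NATIVE_REDIRECT,
                                        "type": "InstalledClient"}]}
AAD_APP_MOBILE = {"displayName": "msa-idp", "allowPublicClient": True,
                  "replyUrlsWithType": [{"url": NATIVE_REDIRECT,
                                         "type": "InstalledClient"}]}
AAD_APP_FIXED = {"displayName": "msa-idp", "allowPublicClient": False,
                 "replyUrlsWithType": [{"url": B2C_AUTHRESP, "type": "Web"}]}

if __name__ == "__main__":
    scenarios = [("after deleting everything", B2C_APP_BROKEN, None),
                 ("AAD app on the wrong platform", B2C_APP_FIXED, AAD_APP_MOBILE),
                 ("fixed", B2C_APP_FIXED, AAD_APP_FIXED)]
    for label, b2c, aad in scenarios:
        print(f"{label}: {audit(b2c, aad) or ['OK']}")
```

To use it against a real tenant, export each registration's manifest from the portal (or the equivalent Graph object) and pass the two dictionaries to `audit`; the AAD-tenant manifest is the one that must carry the Web redirect and a secret, and the B2C-tenant one the native redirect.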

Finally, we are back in business!

Now I’ll go delete everything and try it again. :)