Fixing issue “AADSTS70005” by enabling the implicit authentication flow for your Azure AD app

Azure Active Directory (Azure AD)

While either developing or just trying to use an application that authenticates against Azure AD, you might get an error message that contains error code “AADSTS70005“. This means that you’re trying to use implicit authentication flow, but it isn’t allowed for your app. If you have access to the Azure AD you’re authentication against, it’s easy to fix! See more below…

Reason

You might get an error, somewhat like this:

AADSTS70005: response_type 'token' is not supported for the application Trace ID: <Guid_1> Correlation ID: <Guid_2> Timestamp...

This is returned by your Azure AD instance, as it doesn’t allow the use of implicit OAuth2 authentication flow for the application id you’re using.

Solution: Enable the Implicit Authentication Flow

Okay, luckily the fix is going to be easy. You can resolve the issue by enabling the implicit authentication flow for OAuth2. There’s actually no switch in GUI for this – you’ll have to edit the manifest of your registered Azure AD application yourself. Follow these steps: Continue reading

Fixing the error “Web Deploy cannot modify the file on the Destination because it is locked by an external process.”

"Publishing Failed" for an Azure Function

This post describes how to fix the error, where when publishing Azure Functions or Azure App Services you get an error like this: “Web Deploy cannot modify the file on the Destination because it is locked by an external process.”

This is luckily another straightforward fix! 

Problem

Azure Function Publish fails with a message:

“Web Deploy cannot modify the file on the Destination because it is locked by an external process.”

It is, indeed, caused by some of your files at the target of your publishing being in use, so they cannot be overwritten. Great – an actually accurate error message! Much appreciated.

This seems to apply to Azure Functions CLI versions 2.x (currently in beta), and not for the stable versions. At least that’s the state at the time of writing this. There’s even this unresolved issue open about it on GitHub.

Continue reading

How to fix AADSTS50011: Reply address did not match because of case sensitivity.

AADSTS50011: The reply address ... does not match the reply addresses configured for the application.

So, you got an error with a code AADSTS50011? It’s just Azure AD’s authentication acting up because of invalid reply address! here’s a bunch of different reasons that lead to this error. This post describes the variant where the URL’s case sensitivity differns from what’s configured. For me, the most typical scenario where I run into this error is accessing the app from SharePoint.

Problem

So, you’re getting an error somewhat like this:

AADSTS50011: The reply address <...> does not match the reply addresses configured for the application: '<guid>'. More details: Reply address did not match because of case sensitivity.

This is another variation of the good old “AADSTS50011: The reply address does not match the reply addresses configured“-error.

I recently encountered this new version of the error. Normally, you don’t get any extra details – the “More details:” -section will just say “not available” or some such. But I guess a lot of people have been struggling with the case-sensitivity of the URLs (I wonder who thought that was a good idea?), and Microsoft has opted to provide this, slightly improved version of the classical reply-url error.

Continue reading

How to fix an Azure Function (v2) failing with error “The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.”

"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." leads to a 404 error in jQuery.

This post describes one way to resolve a problem, where you receive an error like “The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.” when calling your Azure Functions.

Problem

Another day, another simple, yet kind of weird issue to solve! This time I was developing a simple Azure Function to access Microsoft Graph API. This particular issue was kind of bugging, since the error message actually had nothing to do with the actual issue and gave no pointers as to how to fix the issue!

I was just developing a function, and suddenly it stopped working, and the only error message I got was this:

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

In client-side code, if called with $.get(), it looks somewhat like this:

"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." leads to a 404 error in jQuery.

“The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.” leads to a 404 error in jQuery.

So, what did I do to cause this – and how to fix this?

Continue reading

How to fix AADSTS50011: The reply address does not match the reply addresses configured… error

AADSTS50011: The reply address ... does not match the reply addresses configured for the application.

So, you got an error with a code AADSTS50011? That’s ok – it’s just Azure AD’s authentication acting up because of invalid reply URLs! Since there might be a couple of different reasons for this error, this post also describes a couple of different solutions, that might help you overcome the issues.

Error

So, you’re getting an error somewhat like this:

AADSTS50011: The reply address ... does not match the reply addresses configured for the application.

AADSTS50011: The reply address … does not match the reply addresses configured for the application.

But why? Did you mess something up? Well, if you’re the person who configured the app you’re trying to use, you probably did! Although Microsoft might still be the one to blame for that. Continue reading

How to fix Twitter embed in SharePoint

MFW another API just stops working without returning any errors

Twitter has always been good for developers, except for those who’d like to embed anything – hence making it possible to interact with their contents on other sites than Twitter. I guess it’s understandable, but they seem to hate anyone trying to embed feeds, searches or anything on their sites. And they express their hate by making the developers’ lives more difficult… This time by silently breaking the embed script in a way, that’s tricky to work around.

The Problem

In February 2018, Twitter announced that their widgets will start rendering fallback markup on IE9 and IE10 “in the near future”. Since SharePoint 2013 and 2016 are locked in document mode of IE 10 (i.e. using IE on SharePoint sites causes the user agent to be roughly that of IE10), that means trouble for SharePoint admins. Basically everyone, who’s using Twitter embeds on SharePoint, will be seeing empty feeds henceforth.

Well, save for SharePoint Online users, since SharePoint Online renders in whatever mode Microsoft chooses that week! For them, Twitter feeds will act like erratically, and I feel bad for whomever has to debug the behavior!

Anyway – that change’s immediate effects were surprisingly small. Widgets still rendered, until roughly 2 weeks ago (early May 2018). We started getting reports of Twitter being utterly broken – the embed being completely empty without any fallback rendering whatsoever. What’s worse, the embed fails silently, without any errors anywhere. Looking at the code, it looks like it just checks the user agent and ends the execution – thanks a lot, Twitter, much appreciated!

What’s even worse, is that it applies to IE11 users, too – if they’re in SharePoint, or on a site that’s running in compatibility mode (such as all sites on “intranet” zone). And since IE seems to be most actively used in large organizations, especially on internal communication channels, Twitter just decided to block the majority of IE users in the world from accessing their service via embeds. 

Great.

Luckily, there’s a dirty hack for this situation!

Continue reading

Fixing an unhandled exception about StructureMap configuration failing (messed up assembly bindings)

Obama congratulates you on your broken apps

So, you’re running a console program, but while you try running it, you get an error like this: “StructureMap.Exceptions.StructureMapConfigurationException”, with a message like this: “Unable to find the exported Type’s in assembly” (the typo done by Microsoft, not me). There’s a number of reasons for this error, but for a fair share of the time that’s just your assembly bindings being messed up. Luckily, that’s another easy fix!  Continue reading

How to fix AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.

SOLVE ALL THE ERRORS!

Have you run into the cryptical “AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.” error? I have. This post will tell you how to fix it.

How to fix AADSTS50059?

I encountered this error while trying to reload a page with some JavaScript that authenticates against Graph API. It completely blocks the functionality, as it redirects the user to login page. Luckily, at least in my case, this was easily fixed! Your error might look something like this:

Request Id: <guid>
Correlation Id: <guid>
Timestamp: 2018-04-27T20:58:36Z
Message: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.

Okay – so the error claims Azure AD fails to recognize your tenant, as the request or provided credentials didn’t provide that. But is that even true?  Continue reading

Solving error “AADSTS90013: Invalid input received from the user”

AADSTS90013: Invalid input received from the user. (header thumbnail)

I stumbled upon a customer, that complained about some pages in their intranet throwing weird errors with authentication. Those pages seemed to have one thing in common – there was a Yammer embed (or a SharePoint script webpart with Yammer embed script in it, to be precise) there. The error code they got was “AADSTS90013: Invalid input received from the user”.

Below, you can see an example of the error screen.

AADSTS90013: Invalid input received from the user.

AADSTS90013: Invalid input received from the user.

Okay – this is going to be extremely specific, and probably won’t solve the issue for all of you out there! But this is what worked for this customer: Continue reading

Alternative Languages in SharePoint forcing the (cumbersome) use of localized Managed Properties

SharePoint Search No Results

Localization and multilingual environments in SharePoint are an endless source of interesting issues and blog post topics. In one case, we had a tenant created originally in English, and a site collection created in Finnish. In this particular case, SharePoint somehow messed up the language settings, and ended up requiring the use of localized managed properties on the search center of that site collection. That ended up being unexpected, unituitive and unusable for the end-users.

Description of the issue

Typically, when you use SharePoint Search, you can use managed properties to search for values in certain fields or columns of any items in the index. Our particular use case involved searching SharePoint’s people results for users of certain departments.

“Department” is a managed property on its own, and gets info from – surprise, surprise – a field called “Department” in the user profile service in SharePoint Online. In our case, the Search service API returned results with “Department:HR”, but search center did not. 

After a lot of playing around, it turned out the search center required us to use localized versions of the names of managed properties. In this particular case, search required the Finnish name (“Osasto”) for the property. Before this, I didn’t even know that was a thing! In all of the installations I’ve seen, the plain English internal names of the managed properties worked just fine – so, in this case, “Department”. Continue reading