Azure Active Directory (Azure AD)

Fixing issue “AADSTS70005” by enabling the implicit authentication flow for your Azure AD app

This post was most recently updated on December 3rd, 2018.

Another day, another Azure Active Directory error! So what’s this AADSTS70005 all about?

While either developing or just trying to use an application that authenticates against Azure AD, you might get an error message that contains the error code “AADSTS70005”. This means that you’re trying to use the implicit authentication flow, but it isn’t allowed for your app. If you have access to the Azure AD you’re authenticating against, it’s easy to fix! See more below…

Reason

You might get an error, somewhat like this:

AADSTS70005: response_type 'token' is not supported for the application Trace ID: <Guid_1> Correlation ID: <Guid_2> Timestamp...

This is returned by your Azure AD instance, as it doesn’t allow the use of the implicit OAuth2 authentication flow for the application ID you’re using.

Solution: Enable the Implicit Authentication Flow

Okay, luckily the fix is going to be easy. You can resolve the issue by enabling the implicit authentication flow for OAuth2. There’s actually no switch in the GUI for this – you’ll have to edit the manifest of your registered Azure AD application yourself. Follow these steps:

  1. First, browse to your registered app in your Azure AD instance. If you’re working with SharePoint Online (like I was), see this article on how to find the correct instance: How to use the Azure AD associated with your SharePoint Online! 🙂
  2. Then open the Manifest editor from the “ribbon”, see below for an example:
    [Image: Manifest Editor on Azure AD Enterprise application management page]
  3. Following that, you’ll need to edit the manifest to allow for implicit OAuth2 authentication. See the highlighted row below:
    [Image: Editing the manifest of an Azure AD application to allow implicit authentication flow]
  4. Then just hit “Save”, and try again.

It should work now! 🙂 With any luck, you’re good to go.
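As an added example (not from the original post): the check behind this error, sketched in Python against a manifest excerpt. It assumes the manifest property in question is `oauth2AllowImplicitFlow` (the screenshot that highlighted the row is not part of this text); the sample manifest, placeholder app ID, request URL and function names are constructed for illustration, and only the `response_type` value `token` from the error message above is modelled.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed manifest excerpt; the appId is a placeholder, not a real application.
SAMPLE_MANIFEST = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "example-app",
  "oauth2AllowImplicitFlow": false
}"""

# Constructed authorize request that asks for a token directly (implicit flow).
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/common/oauth2/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=token&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
)


def implicit_token_requested(authorize_url):
    """True when response_type contains 'token' (also in 'id_token token')."""
    query = parse_qs(urlsplit(authorize_url).query)
    return "token" in " ".join(query.get("response_type", [])).split()


def would_fail_with_70005(manifest_json, authorize_url):
    """True when the request needs the implicit flow but the manifest forbids it."""
    manifest = json.loads(manifest_json)
    allowed = manifest.get("oauth2AllowImplicitFlow", False) is True
    return implicit_token_requested(authorize_url) and not allowed


def enable_implicit_flow(manifest_json):
    """Return the manifest text with the implicit flow switched on."""
    manifest = json.loads(manifest_json)
    manifest["oauth2AllowImplicitFlow"] = True
    return json.dumps(manifest, indent=2)


if __name__ == "__main__":
    print("fails before edit:", would_fail_with_70005(SAMPLE_MANIFEST, SAMPLE_REQUEST))
    patched = enable_implicit_flow(SAMPLE_MANIFEST)
    print("fails after edit: ", would_fail_with_70005(patched, SAMPLE_REQUEST))
```

Because the implicit flow hands the access token to the browser in the redirect URL fragment, turn the setting on only for app registrations that actually send `response_type=token`.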

The next error you’re probably going to get is AADSTS65001. This link explains how to fix that: 4 ways to fix the Azure Active Directory error AADSTS65001 (The user or administrator has not consented to use the application)


Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millennial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.
