Encountering AADSTS700054 in the wild. Always a bother - but let me tell you how to fix it!

How to fix “AADSTS700054: response_type ‘id_token’ is not enabled for the application” error

This post was most recently updated on July 6th, 2019.

Reading Time: 3 minutes.

This article will explain to you how to fix the error “AADSTS700054”

Another day, another unsuccessful authentication attempt, and another cool error code. This one I encountered when building a little POC that was supposed to authenticate against Graph API.

Problem

When developing your client-side solution (an SPFx webpart, React app, ASP.NET MVC application with some client-side components… Your pick!), you run into this error when your code tries to authenticate against Azure AD:

AADSTS700054: response_type 'id_token' is not enabled for the application.

And nothing else. That’s not super descriptive… Below, you can see a screenshot of such issue:

The error you're thrown: "AADSTS700054: response_type 'id_token' is not enabled for the application."
The error you’re thrown: “AADSTS700054: response_type ‘id_token’ is not enabled for the application.”

What do?

Reason

Your app’s authentication provider is currently not allowed to return a token that’s required for the OAuth2 implicit flow. This flow is a simplified authentication flow, where your successful authentication request will directly result in an access token to be returned to your app.

Since your app is requesting the token, but the authentication provider can’t return it, an error is thrown. There’s a couple of different switches, that might be stopping the token from being returned. Let’s take a look, then!

Solution

There’s 2 steps you need to take to fix this issue. Luckily, as long as you have access to the app registrations, both steps are simple.

First of all, consider whether you need the implicit flow or not, based on what I wrote earlier. Maybe you don’t – and you should be using something else instead.

If you do, proceed with the steps below.

Step 1: Enable the implicit authentication flow

You’ll need to make a simple app manifest change to enable the authentication with the implicit flow in the first place.

See the article below for instructions on how to enable the implicit authentication flow for your app:

When that’s done, and if you still have issues, see below as well:

Step 2: enable returning the tokens

Okay – next we need to make sure our registered app is allowed to return those tokens when requested. The configuration page on AAD says the following about the implicit flow (implicit grant):

Allows an application to request a token directly from the authorization endpoint. Recommended only if the application has a single page architecture (SPA), has no backend components, or invokes a Web API via JavaScript.


To enable the implicit grant flow, select the tokens you would like to be issued by the authorization endpoint…

Azure AD

Okay, so that means we’ll just need to navigate to the following path:

Azure Portal > Azure Active Directory > App Registrations > Authentication > Advanced Settings > Implicit grant

Enable “ID tokens” as shown below.

Click Save, head back to your app – it should work.

Et voilà! You should be good :)

Antti K. Koskela

Antti Koskela is a proud digital native nomadic millennial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world.

He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff.

This is his personal professional (e.g. professional, but definitely personal) blog.
mm

2
Leave a Reply

avatar
5000
1 Comment threads
1 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
2 Comment authors
mmKentaro Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Kentaro
Guest

Thanks a lot! With your post, I was able to solve my authentication issue right away!