This post was most recently updated on July 6th, 2019.
Reading Time: 3 minutes.This article will explain to you how to fix the error “AADSTS700054”
Another day, another unsuccessful authentication attempt, and another cool error code. This one I encountered when building a little POC that was supposed to authenticate against Graph API.
Problem
When developing your client-side solution (an SPFx webpart, React app, ASP.NET MVC application with some client-side components… Your pick!), you run into this error when your code tries to authenticate against Azure AD:
AADSTS700054: response_type 'id_token' is not enabled for the application.
And nothing else. That’s not super descriptive… Below, you can see a screenshot of such issue:
What do?
Reason
Your app’s authentication provider is currently not allowed to return a token that’s required for the OAuth2 implicit flow. This flow is a simplified authentication flow, where your successful authentication request will directly result in an access token to be returned to your app.
Since your app is requesting the token, but the authentication provider can’t return it, an error is thrown. There’s a couple of different switches, that might be stopping the token from being returned. Let’s take a look, then!
Solution
There’s 2 steps you need to take to fix this issue. Luckily, as long as you have access to the app registrations, both steps are simple.
First of all, consider whether you need the implicit flow or not, based on what I wrote earlier. Maybe you don’t – and you should be using something else instead.
If you do, proceed with the steps below.
Step 1: Enable the implicit authentication flow
You’ll need to make a simple app manifest change to enable the authentication with the implicit flow in the first place.
See the article below for instructions on how to enable the implicit authentication flow for your app:
When that’s done, and if you still have issues, see below as well:
Step 2: enable returning the tokens
Okay – next we need to make sure our registered app is allowed to return those tokens when requested. The configuration page on AAD says the following about the implicit flow (implicit grant):
Allows an application to request a token directly from the authorization endpoint. Recommended only if the application has a single page architecture (SPA), has no backend components, or invokes a Web API via JavaScript.
Azure AD
To enable the implicit grant flow, select the tokens you would like to be issued by the authorization endpoint…
Okay, so that means we’ll just need to navigate to the following path:
Azure Portal > Azure Active Directory > App Registrations > Authentication > Advanced Settings > Implicit grant
Enable “ID tokens” as shown below.
Click Save, head back to your app – it should work.
Et voilà! You should be good :)
Antti K. Koskela
He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff.
This is his personal professional (e.g. professional, but definitely personal) blog.
Latest posts by Antti K. Koskela (see all)
- ‘__generated__Index.OnInitAsync()’: no suitable method found to override - August 19, 2019
- Au revoir Canada, bonjour Finland.. Eh? - August 16, 2019
- SharePoint Home, Hub, Sites, Start… What? - August 13, 2019
Leave a Reply