How to fix "AADSTS700054: response_type 'id_token' is not enabled for the application" error

This post was most recently updated on July 6th, 2019.

Reading Time: 3 minutes.

This article will explain to you how to fix the error “AADSTS700054”

Another day, another unsuccessful authentication attempt, and another cool error code. This one I encountered when building a little POC that was supposed to authenticate against Graph API.

Problem

Table of Contents

When developing your client-side solution (an SPFx webpart, React app, ASP.NET MVC application with some client-side components… Your pick!), you run into this error when your code tries to authenticate against Azure AD:

AADSTS700054: response_type 'id_token' is not enabled for the application.

And nothing else. That’s not super descriptive… Below, you can see a screenshot of such issue:

The error you're thrown: "AADSTS700054: response_type 'id_token' is not enabled for the application." — The error you’re thrown: “AADSTS700054: response_type ‘id_token’ is not enabled for the application.”

What do?

Reason

Your app’s authentication provider is currently not allowed to return a token that’s required for the OAuth2 implicit flow. This flow is a simplified authentication flow, where your successful authentication request will directly result in an access token to be returned to your app.

Since your app is requesting the token, but the authentication provider can’t return it, an error is thrown. There’s a couple of different switches, that might be stopping the token from being returned. Let’s take a look, then!

Solution

There’s 2 steps you need to take to fix this issue. Luckily, as long as you have access to the app registrations, both steps are simple.

First of all, consider whether you need the implicit flow or not, based on what I wrote earlier. Maybe you don’t – and you should be using something else instead.

If you do, proceed with the steps below.

Step 1: Enable the implicit authentication flow

You’ll need to make a simple app manifest change to enable the authentication with the implicit flow in the first place.

See the article below for instructions on how to enable the implicit authentication flow for your app:

When that’s done, and if you still have issues, see below as well:

Step 2: enable returning the tokens

Okay – next we need to make sure our registered app is allowed to return those tokens when requested. The configuration page on AAD says the following about the implicit flow (implicit grant):

Allows an application to request a token directly from the authorization endpoint. Recommended only if the application has a single page architecture (SPA), has no backend components, or invokes a Web API via JavaScript.

To enable the implicit grant flow, select the tokens you would like to be issued by the authorization endpoint…
Azure AD

Okay, so that means we’ll just need to navigate to the following path:

Azure Portal > Azure Active Directory > App Registrations > Authentication > Advanced Settings > Implicit grant

Enable “ID tokens” as shown below.

Click Save, head back to your app – it should work.

Et voilà! You should be good :)

Author
Recent Posts

Antti K. Koskela

Developer / Architect / Consultant at Koskila / Valo Solutions Ltd. / Norppandalotti Software Co / Alter - Experience Ideas Ltd.

Antti Koskela is a proud digital native nomadic millennial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet.

He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. He's also Microsoft MVP for Office Development.

This is his personal professional (e.g. professional, but definitely personal) blog.

Latest posts by Antti K. Koskela (see all)

0 0 vote

Article Rating

Posts Related to "How to fix "AADSTS700054: response_type 'id_token' is not enabled for the application" error":

7 Comments

Inline Feedbacks

View all comments

Kentaro

8 months ago

Thanks a lot! With your post, I was able to solve my authentication issue right away!

Author

Reply to Kentaro

Hi Kentaro,

Thanks for your comment, happy to hear it helped! :)

Adam

5 months ago

We have both implicit flow set to true in the manifest (we see two properties, both true)

“oauth2AllowIdTokenImplicitFlow”: true,
“oauth2AllowImplicitFlow”: true,

and have both ID Tokens and Access tokens set up for implicit grant, but are seeing the AAD700054 error still. Are there any other troubleshooting steps?

Reply to Adam

Hi Adam,

Thanks for the question. Double-check the application ID you’re using – make sure it matches. Can you log in with the client ID and client secret using PowerShell without any errors?

Darika

4 months ago

Thank u

Reply to Darika

My pleasure! :)

pedro

3 months ago

great

#SharePointProblems

Solutions are worthless unless shared! Antti K. Koskela's Personal Professional Blog

How to fix “AADSTS700054: response_type ‘id_token’ is not enabled for the application” error