Reputation: 995
getting #error=unsupported_response_type&error_description=AADSTS70005: with token request
I am trying to implement a OAuth2 implicit grant flow in an IOS app. In this case it requires a token request instead of a code request because you can't share the client secret in a native app safely.
so a request like this yields a login form:
https://login.windows.net/<tenantid>/oauth2/authorize?api-version=1.0&client_id=<client id>&response_type=token&redirect_uri=shp-apps://localhost:44300/?ReturnUrl=%2F&resource=https://graph.windows.net
After successfully login I get this error:
#error=unsupported_response_type&error_description=AADSTS70005: response_type 'token'
is not supported for the application
Trace+ID: 9008e580-2798-4b6c-a6bf-2bf614b61f64
Correlation+ID: ceb9bb4b-34a4-4441-801f-377f534543b1
Timestamp: 2014-08-26+16%3a24%3a24Z
Is this actually correct, the token request_type is not supported? or is there something else that I need to do? The application is setup as a native app. I have already been able to do a 'code' response_type in a different application in the same active directory.
Upvotes: 1
Views: 4716
Answers (2)
Reputation: 5430
According to the MSDN Documentation on AAD Auth Failures - Implicit OAuth is not enabled for the application, you need to set oauth2AllowImplicitFlow to true in the App Registration Manifest in the Azure Portal.
The Issue
When creating your app registration in AAD, you need to manually edit the application manifest and set the value of the oauth2AllowImplicitFlow property to true. Otherwise the AAD sign in flow will not work
error "AADSTS70005: response_type 'token' is not supported for the application..."
The Solution
Follow these steps to solve this issue.
Sign into portal.azure.com with an administrator account in your tenant.
Navigate to Azure Active Directory in the left hand side bar > App registrations > Your app.
Click Manifest at the top of the pane describing your app.
Change the value of the property
oauth2AllowImplicitFlowtotrue. If the property is not present, add it and set its value totrue.
Click "Save" to save the modified manifest.
Upvotes: 2
Reputation: 4004
Implicit grant flow is indeed not supported yet by Azure AD. For your iOS app, use the authorization code grant flow with refresh token support. You don't need to write the OAuth flow on your own - use our iOS/OSX SDK instead: https://github.com/AzureAD/azure-activedirectory-library-for-objc
Philip, stay tuned on the implicit grant flow - it is on our radar.
Hope this helps.
UPDATE: Azure AD now suports implicit grant OAuth flow. see: https://github.com/AzureADSamples/SinglePageApp-AngularJS-DotNet
Upvotes: 1
Related Questions
- AADSTS70005: response_type 'id_token' is not enabled for the application
- Invalid request. Request is malformed or invalid. While getting Access Token From Azure
- Azure Active Directory Authentication 401, Bearer Token The signature is invalid
- An error occurred while requesting the token with "Expose an API” scope. AADSTS70011:The provided value for the input parameter 'scope' is not valid
- AADSTS700054: response_type 'id_token' is not enabled for the application
- AADSTS70007: 'query' is not a supported value of 'response_mode' when requesting a token
- Azure AD Oauth2 gives error after authorization request
- Sharepoint Online Web Api Bearer Error 401
- Azure Active Directory OAuth 2.0 Authorization gives Bad Request
- Stuck between two errors in an Azure OAuth2 token request