106

AADSTS70005: response_type 'id_token' is not enabled for the application

I am getting the above error even after setting "oauth2AllowImplicitFlow": true in the manifest.

Wayne Yang
Jajula Siva
  • You could try manually adding "groupMembershipClaims": null to the manifest. – Joy Wang Mar 22 '18 at 07:56
  • Sometimes caching can affect things, have you tried again? – juunas Mar 22 '18 at 09:01
  • Do you have any process on this case? – Wayne Yang Mar 23 '18 at 03:13
  • Can you add more information such as: what platform is your app, and is your app a 'converged app' created in apps.dev.microsoft.com or an Azure AD app created in portal.azure.com? Also it would be helpful to have some source code showing how you are requesting the token. I've seen this error happen when you don't have a RedirectURL on your app. – Andre Teixeira May 16 '18 at 00:10
  • Same problem here, I'm trying to implement OpenID 1.0 authentication flow in PHP. Neither the `oauth2AllowImplicitFlow` nor the `groupMembershipClaims` work for me. I'd really like to give up Azure AD forever, if only I were allowed to. – Paolo Stefan Oct 18 '18 at 09:30
  • I am getting "AADSTS700051: response_type 'token' is not enabled for the application." error – roney Mar 13 '19 at 21:24
  • I believe there might be a delay / caching issue going on here. Take your time (a few minutes) before testing any changes to App registrations – Nick.Mc Jul 26 '20 at 10:38

8 Answers

163

Try this:

  1. Go to portal.azure.com and select your directory, then go to Azure AD.
  2. Select App registration (preview).
  3. Select the app you are trying to authenticate (you should already have registered it).
  4. Go to the Authentication tab.
  5. Check "ID tokens" in the Advanced Settings section (see the bottom of the attached image).

(screenshot not included)

This has worked for me.

Mosè Bottacini
30

I got the error:

AADSTS700054: response_type 'id_token' is not enabled for the application.

And the resolution was setting:

{
  "oauth2AllowIdTokenImplicitFlow" : true
}

in the Azure Active Directory App Manifest.

KyleMit
eMazeika
20

Make sure you have selected ID tokens (used for implicit and hybrid flows). You can do this from the Authentication blade of your app in Azure AD. See the screenshot below.

Or go to the Manifest blade and set oauth2AllowIdTokenImplicitFlow to true. See the screenshot below. (screenshot not included)

  • After setting oauth2AllowIdTokenImplicitFlow to true, I am getting the error "AADSTS500113: No reply address is registered for the application." – Manveer Singh Jun 25 '21 at 12:53
8

Error: OpenIdConnectMessage.Error was not null, indicating an error. Error: 'unsupported_response_type'. This error occurred because Azure AD did not return any access tokens or ID tokens. Azure AD needs the check boxes enabled in order to return tokens after authentication is done.

How to solve: go to Azure AD => App registrations => click the Authentication tab => enable the Access tokens and ID tokens check boxes.

Dhiraj Ghode
2

Make sure you don't have two instances of the key oauth2AllowImplicitFlow in your manifest. In my case I had added the key, but it was already present with the value set to false. Hopefully this solves the issue :)

1

I was facing a similar issue, and when I visited the Active Directory -> App registrations page it wasn't showing the new UI.

It also didn't allow me to set the flag in the metadata. I found a workaround for this.

https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Authentication/quickStartType//sourceType/Microsoft_AAD_IAM/appId/9bab1d75-34b8-475b-abfe-5a62c6f01234/objectId/a4b459c1-7753-400c-8f8f-46fb5451234/isMSAApp//defaultBlade/Overview/servicePrincipalCreated/true

First log in to your instance, then modify the above URL by pasting in the object id and application id of your application.

Then it should show the screen @Mosè Bottacini posted.

Ganesh Bhat
1

It is true, as a lot of you are saying, that you need to enable ID tokens (used for implicit and hybrid flows) if you really need the ID token:

AADSTS700054: response_type 'id_token' is not enabled for the application.

However, if you use the Authorization Code Flow you don't really need it. Microsoft OpenID Connect authentication (Microsoft.AspNetCore.Authentication.OpenIdConnect) uses id_token as the default ResponseType for OpenIdConnect and JwtSecurityTokenHandler.


Using AddOpenIdConnect you can set ResponseType to OpenIdConnectResponseType.Code, or simply "code", and then you don't need the id_token at all.

Working example with Azure Ad and IdentityServer:

services.AddAuthentication()
    .AddOpenIdConnect("aad", "Azure AD", options =>
    {
        options.ClientSecret = "<ClientSecret>";
        // Authorization code flow: no id_token is returned in the front channel,
        // so the "ID tokens" switch in the app registration is not required.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.ClientId = "<ClientId>";
        options.Authority = "https://login.microsoftonline.com/<TenantId>/";
        // Must match a reply URL registered on the app (see AADSTS500113 above).
        options.CallbackPath = "/signin-oidc";
    })
    .AddIdentityServerJwt();

http://docs.identityserver.io/en/latest/topics/signin_external_providers.html

Ogglas
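As an added example (not code from the thread or from Microsoft), here is a small Python check that reads an app-registration manifest and predicts which of the errors seen in this thread a sign-in request would get for a given response_type and redirect URI; it also reports a repeated manifest key, which json.loads would otherwise silently resolve to the last value. The manifest key replyUrlsWithType and the sample manifest are assumptions.

```python
"""Predict the AADSTS errors an OIDC request will hit, from the app manifest.
Added example, not from the thread; the sample manifest below is constructed."""
import json

ERR_ID_TOKEN = "AADSTS700054: response_type 'id_token' is not enabled for the application."
ERR_TOKEN = "AADSTS700051: response_type 'token' is not enabled for the application."
ERR_REPLY = "AADSTS500113: No reply address is registered for the application."

# Constructed sample: the key was appended while an earlier copy, still false,
# stayed in place (the duplicate-key situation described in the thread).
SAMPLE_MANIFEST = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "oauth2AllowImplicitFlow": false,
  "oauth2AllowIdTokenImplicitFlow": false,
  "replyUrlsWithType": [{"url": "https://localhost:5001/signin-oidc", "type": "Web"}],
  "oauth2AllowImplicitFlow": true
}"""

def parse_manifest(text):
    """Return (manifest, duplicate_keys). json.loads silently keeps the last
    value of a repeated key, so duplicates are recorded here explicitly."""
    duplicates = []
    def hook(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                duplicates.append(key)
            obj[key] = value
        return obj
    return json.loads(text, object_pairs_hook=hook), duplicates

def lint(manifest, response_type, redirect_uri):
    """List the errors a request with this response_type and redirect_uri would
    get. Only response_type 'code' needs neither implicit-flow switch."""
    types = set(response_type.split())
    unknown = types - {"code", "id_token", "token"}
    if unknown:
        raise ValueError("unsupported response_type values: %s" % sorted(unknown))
    errors = []
    # id_token is gated by oauth2AllowIdTokenImplicitFlow, the access token by
    # oauth2AllowImplicitFlow; the authorization code is gated by neither.
    if "id_token" in types and not manifest.get("oauth2AllowIdTokenImplicitFlow"):
        errors.append(ERR_ID_TOKEN)
    if "token" in types and not manifest.get("oauth2AllowImplicitFlow"):
        errors.append(ERR_TOKEN)
    # Exact-match reply-URL check (simplified; the service has its own rules).
    registered = {e.get("url") for e in manifest.get("replyUrlsWithType", [])}
    if redirect_uri not in registered:
        errors.append(ERR_REPLY)
    return errors
```

Run lint() against an exported manifest before changing anything in the portal: if the only finding is the reply URL, the fix is the redirect entry, not the implicit-flow switches.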
0

I stumbled across this post since I was having the exact same issue with my Azure App Service. I fixed it by using the exact redirect URL in the error message and adding that to the list of URLs in the app registration.

Ben