I am creating a VSTO plugin in VB.net. I would like allow users to sign-up and sign-in, using their Microsoft Office account.
So I turned my attention to MSAL (in VB.net) and to Microsoft Entra (its online counterpart).
In Microsoft Entra, I have:
- Registered an app.
- I configured to accept “Accounts in any organizational directory and personal Microsoft accounts”
- In the app’s properties, I switched “Assignment required” to “no”
- Created APIs and granted administrator constent
- Added a custom return API (localhost – I’m working on a desktop app)
- Created a “Sign-up and sign-in” user flow (sometimes also called the “policy”). I have associated it with the app I just described. As far as I know, creating a policy and associating it with an Enterprise Application is the only way to allow new users to sign-up into the application (otherwise, you have to add them manually to you application’s users list).
In my VSTO addin’s code, I am then using the following lines:
”’
<code>Dim clientId As String = "<client-id>"
Dim tenantId As String = "<directory-id>"
Dim tenantName As String = "<string-name>"
Dim signUpSignInPolicy As String = "<user-flow-name>"
Dim authority As String = $"https://{tenantName}.b2clogin.com/tfp/{tenantName}.onmicrosoft.com/{signUpSignInPolicy}"
Dim redirectUri As String = "http://localhost"
Dim pcaOptions As PublicClientApplicationOptions = New PublicClientApplicationOptions With
{
.ClientId = clientId,
.TenantId = tenantId
}
Return PublicClientApplicationBuilder.CreateWithApplicationOptions(pcaOptions) _
.WithB2CAuthority(authority) _
.WithRedirectUri(redirectUri) _
.Build()
</code>
<code>Dim clientId As String = "<client-id>"
Dim tenantId As String = "<directory-id>"
Dim tenantName As String = "<string-name>"
Dim signUpSignInPolicy As String = "<user-flow-name>"
Dim authority As String = $"https://{tenantName}.b2clogin.com/tfp/{tenantName}.onmicrosoft.com/{signUpSignInPolicy}"
Dim redirectUri As String = "http://localhost"
Dim pcaOptions As PublicClientApplicationOptions = New PublicClientApplicationOptions With
{
.ClientId = clientId,
.TenantId = tenantId
}
Return PublicClientApplicationBuilder.CreateWithApplicationOptions(pcaOptions) _
.WithB2CAuthority(authority) _
.WithRedirectUri(redirectUri) _
.Build()
</code>
Dim clientId As String = "<client-id>"
Dim tenantId As String = "<directory-id>"
Dim tenantName As String = "<string-name>"
Dim signUpSignInPolicy As String = "<user-flow-name>"
Dim authority As String = $"https://{tenantName}.b2clogin.com/tfp/{tenantName}.onmicrosoft.com/{signUpSignInPolicy}"
Dim redirectUri As String = "http://localhost"
Dim pcaOptions As PublicClientApplicationOptions = New PublicClientApplicationOptions With
{
.ClientId = clientId,
.TenantId = tenantId
}
Return PublicClientApplicationBuilder.CreateWithApplicationOptions(pcaOptions) _
.WithB2CAuthority(authority) _
.WithRedirectUri(redirectUri) _
.Build()
”’
However, I get the error AADB2C90011, according to which “The client id provided in the request does not match client id 4829629c-4ae8-42a5-9def-bd28fbfd6992 registered in policy.”
Does anyone have already faced this issue? I found this online forum that seems to say that it’s a bug that is still ongoing… but I believe many people never encountered it. So I guess some of you might have done things differently and/or found a workaround.