ADAL JS - response_type="token" is not supported

serg.salo · Mar 29, 2015 · Viewed 18.8k times

I'm using adal js to auth with Azure AD. I have webApp and webApi. Pretty much my apps follow this sample https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet .

I was able to login to my webApp and adal.js successfully acquired a token for my webApi and injected it into a request. All was working until recently. Then token acquisition for webApi stopped working with error:

"response_type 'token' is not supported for the application"

renewToken is failed:AADSTS70005: response_type 'token' is not supported for the application Trace ID: 104c18e3-eb6e-42a4-a292-c6f170f27f65 Correlation ID: c2e65622-0c58-473a-8184-b3056fb1af58 Timestamp: 2015-03-27 22:53:12Z

I can clearly see that adal.js is building a request and puts "response_type=token" into a query string. So, my assumption is that something changed on Azure AD side.

I found one article that correlates response_type=token to the implicit grant flow. I confirmed that my webApp has "oauth2AllowImplicitFlow" enabled. I have contacted MS support and am waiting for a resolution. Meanwhile, I wanted to share this with the community and see whether someone has any information regarding the issue.

Thanks

Answer

alaasdk · Jul 1, 2015

If you are building a client-side app, you need to enable the Implicit flow from the application manifest.

  "oauth2AllowImplicitFlow": true,

  1. Open your application configuration in the Azure portal, and download the manifest file from the "Manage Manifest" menu.

  2. Search for oauth2AllowImplicitFlow and change the value to true.

  3. Upload the file again through the same menu.

Log out and log in again to your app and it will work like a charm.


It can also be configured via the Azure AD portal:

  • From the application page, click on Authentication, and under Advanced Settings, select the checkboxes next to Access tokens and ID tokens to enable OAuth2 implicit grant for the application.

more info about OAuth2 Implicit flow >> link:

The implicit grant type is used for mobile apps and web applications (i.e. applications that run in a web browser), where the client secret confidentiality is not guaranteed...