azure - getting #error=unsupported_response_type&error_description=AADSTS70005: with token request

Question

I am trying to implement a OAuth2 implicit grant flow in an IOS app. In this case it requires a token request instead of a code request because you can't share the client secret in a native app safely.

so a request like this yields a login form:

https://login.windows.net/<tenantid>/oauth2/authorize?api-version=1.0&client_id=<client id>&response_type=token&redirect_uri=shp-apps://localhost:44300/?ReturnUrl=%2F&resource=https://graph.windows.net

After successfully login I get this error:

#error=unsupported_response_type&error_description=AADSTS70005: response_type 'token' 
  is not supported for the application
Trace+ID: 9008e580-2798-4b6c-a6bf-2bf614b61f64
Correlation+ID: ceb9bb4b-34a4-4441-801f-377f534543b1
Timestamp: 2014-08-26+16%3a24%3a24Z

Is this actually correct, the token request_type is not supported? or is there something else that I need to do? The application is setup as a native app. I have already been able to do a 'code' response_type in a different application in the same active directory.

Answer 1

According to the MSDN Documentation on AAD Auth Failures - Implicit OAuth is not enabled for the application, you need to set oauth2AllowImplicitFlow to true in the App Registration Manifest in the Azure Portal.

The Issue

When creating your app registration in AAD, you need to manually edit the application manifest and set the value of the oauth2AllowImplicitFlow property to true. Otherwise the AAD sign in flow will not work

error "AADSTS70005: response_type 'token' is not supported for the application..."

The Solution

Follow these steps to solve this issue.

1. Sign into portal.azure.com with an administrator account in your tenant.

2. Navigate to Azure Active Directory in the left hand side bar > App registrations > Your app.

3. Click Manifest at the top of the pane describing your app.

4. Change the value of the property oauth2AllowImplicitFlow to true. If the property is not present, add it and set its value to true.

   

5. Click "Save" to save the modified manifest.