Tags: oauth-2.0, azure-active-directory, implicit-flow

Implicit Flow is not reacting properly in Azure AD


I have a React SPA that calls a Node API that in turn calls another Node API. I configured the first API to allow user1 to have access. I configured the second API to ONLY allow the first API to access it. When user1 clicks the button to make the call to the API, using the code below, I get this error:

AADSTS700051: response_type 'token' is not enabled for the application.

Code:

import axios from 'axios';
import { adalFetch } from 'react-adal';

// Class-property handler on the React component; authContext is a promise that
// resolves to the ADAL context (with endpoints under data.config.endpoints).
forecastButtonState = async () => {
  authContext.then(async data => {
    const pData = { latitude: "38.8106", longitude: "-90.6998" };

    const url = "http://localhost:3005/api/getforecast";

    const options = {
      method: 'POST',
      body: JSON.stringify(pData),
      headers: { 'Content-Type': 'application/json' }
    };

    // adalFetch acquires a token for the resource, then calls fetch(url, options)
    // with the Authorization header attached.
    const adalApiFetch = (fetch, url, options) =>
      adalFetch(data, data.config.endpoints.api, fetch, url, options);

    try {
      const { response } = await adalApiFetch(axios, url, options);
      console.log(response);
    } catch (error) {
      console.log(error);
    }
  });
};

The "oauth2AllowImplicitFlow" setting is set to true in the manifest, and that seems to be the solution for everything I have found so far. Also, under Authentication > Implicit grant, both Access tokens and ID tokens are checked.

I am baffled as to what is the problem. I have it configured the way it should be.


Solution

  • I recommend you use the on-behalf-of flow for this issue. It serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API.

    The steps that follow constitute the OBO (on-behalf-of) flow and are explained with the help of the following diagram.

    [diagram: on-behalf-of flow]


    About the Error: AADSTS700051: response_type 'token' is not enabled for the application.

    You could modify the app manifest (navigate to App registrations -> your application -> Manifest) or select the token option under Authentication (navigate to App registrations -> your application -> Authentication).

    Manifest:

    [screenshot: app manifest]

    Authentication:

    [screenshot: Authentication settings]

    UPDATE:

    Try this URL to make sure the API can be called correctly.

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
    client_id={your-client-id}
    &response_type=id_token
    &redirect_uri=https://jwt.ms
    &scope=openid
    &response_mode=fragment
    &state=12345
    &nonce=678910
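The on-behalf-of exchange the answer recommends, as an added example (not code from the question or the answer): the middle-tier Node API takes the bearer token the SPA presented to it, posts it to the v2.0 token endpoint with the jwt-bearer grant and requested_token_use=on_behalf_of, and receives an access token scoped to the downstream API. The tenant id, client id, client secret and downstream scope are placeholders; the secret stays on the server, never in the SPA.

```javascript
// Constructed example: middle-tier API exchanging the caller's token for a
// downstream-API token via the OAuth 2.0 on-behalf-of grant (v2.0 endpoint).
const TENANT_ID = '<your-tenant-id>';                          // placeholder
const MIDDLE_TIER_CLIENT_ID = '<middle-tier-app-id>';          // placeholder
const DOWNSTREAM_SCOPE = 'api://<downstream-app-id>/.default'; // placeholder

// Extracts the bearer token from the Authorization header the SPA sent to
// the first API; returns null for a missing or non-Bearer header.
function bearerTokenFrom(authorizationHeader) {
  if (typeof authorizationHeader !== 'string') return null;
  const m = /^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$/.exec(authorizationHeader.trim());
  return m ? m[1] : null;
}

// Builds the form body for the OBO request. Parameter names are those of the
// Microsoft identity platform v2.0 token endpoint.
function buildOboRequest(incomingToken, clientSecret, scope = DOWNSTREAM_SCOPE) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    client_id: MIDDLE_TIER_CLIENT_ID,
    client_secret: clientSecret,
    assertion: incomingToken,        // the token the user presented to API 1
    scope,                           // what API 1 needs when calling API 2
    requested_token_use: 'on_behalf_of',
  });
}

// Performs the exchange; needs network access and real credentials (Node 18+ fetch).
async function exchangeOnBehalfOf(incomingToken, clientSecret) {
  const endpoint = `https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token`;
  const res = await fetch(endpoint, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildOboRequest(incomingToken, clientSecret).toString(),
  });
  const json = await res.json();
  if (!res.ok) {
    throw new Error(`OBO exchange failed: ${json.error}: ${json.error_description}`);
  }
  return json.access_token; // send as "Authorization: Bearer ..." to the downstream API
}
```

The downstream API should still validate the token it receives (issuer, audience, expiry, signature) rather than trusting the middle tier by network position alone.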