Get error AADSTS50049: Unknown or invalid instance React-MSAL B2c

Tim Anderson 0 Reputation points
2025-02-12T21:42:35.48+00:00

I get this error AADSTS50049: Unknown or invalid instance. Trace ID: 3559fb7f-0cbf-4024-bca7-71ff99794200 Correlation ID: 02b1638c-48e7-4a30-8e5c-4ca28a6ffb9d Timestamp: 2025-02-12 21:24:10Z

No matter what I enter for my react-msal azure b2c config. Config is below:

const msalConfig = {
    
    auth: {
      clientId: 'xxxxxxxxxxxx', // This is the ONLY mandatory field that you need to supply.
      authority: "https://linkbridgeb2c.onmicrosoft.com.b2clogin.com/linkbridgeb2c.onmicrosoft.com/B2C_1_signin1", // Choose SUSI as your default authority.
      knownAuthorities: ["linkbridgeb2c.b2clogin.com"], // Mark your B2C tenant's domain as trusted.
      redirectUri: '/', // You must register this URI on Azure Portal/App Registration. Defaults to window.location.origin
      postLogoutRedirectUri: '/', // Indicates the page to navigate after logout.
      navigateToLoginRequestUrl: false, // If "true", will navigate back to the original request location before processing the auth code response.
    },
    cache: {
      cacheLocation: "localStorage",//keeps login token across sites
    },
    system: {
      loggerOptions: {
        logLevel: msal.LogLevel.Warning,
        loggerCallback: (level, message, containsPii) => {
          if (containsPii) {
            return;
          }

          if(process.env.REACT_APP_ENV === "PROD") {
            fetch(`${process.env.REACT_APP_WEB_API_B2C}/api/logs/auth-error`, {
              method: 'POST',
              body: JSON.stringify(message)
            });
          }
          return;
        },
        piiLoggingEnabled: false
      }
    }
  };

Error response obj below:

{
  "error": "invalid_instance",
  "error_description": "AADSTS50049: Unknown or invalid instance. Trace ID: 3559fb7f-0cbf-4024-bca7-71ff99794200 Correlation ID: 02b1638c-48e7-4a30-8e5c-4ca28a6ffb9d Timestamp: 2025-02-12 21:24:10Z",
  "error_codes": [
    50049
  ],
  "timestamp": "2025-02-12 21:24:10Z",
  "trace_id": "3559fb7f-0cbf-4024-bca7-71ff99794200",
  "correlation_id": "02b1638c-48e7-4a30-8e5c-4ca28a6ffb9d",
  "error_uri": "https://login.microsoftonline.com/error?code=50049"
}
Microsoft Entra ID

1 answer

  1. Sanoop M 680 Reputation points Microsoft Vendor
    2025-02-13T23:08:48.18+00:00

    Hello @Tim Anderson,

    Thank you for posting your query on Microsoft Q&A.

    Firstly, please note that the Authority and KnownAuthorities URL should be in the below format.

    authority: "https://<your-tenant>.b2clogin.com/<your-tenant>.onmicrosoft.com/<your-policyID>",

    knownAuthorities: ["<your-tenant>.b2clogin.com"]

    But as per the code, you have configured as mentioned below.

    authority: "https://linkbridgeb2c.onmicrosoft.com.b2clogin.com/linkbridgeb2c.onmicrosoft.com/B2C_1_signin1",

    knownAuthorities: ["linkbridgeb2c.b2clogin.com"]

    As I have validated the authority URL, in the place of your-tenant, you have updated linkbridgeb2c.onmicrosoft.com instead of linkbridgeb2c.

    Could you please change the authority URL as mentioned below and check the behavior.

    authority: "https://linkbridgeb2c.b2clogin.com/linkbridgeb2c.onmicrosoft.com/B2C_1_signin1",

    For more detailed information, please refer to the below document for your reference.

    Configure authentication in a sample React SPA by using Azure Active Directory B2C | Microsoft Learn

    Based on the error message that you are currently getting, AADB2C90117: The scope 'User.Read' provided in the request is not supported, please follow the steps mentioned below and check the behavior.

    Please try to add the B2C Authority URI to your scope, instead of the graph resource uri as mentioned below and check the behavior.

    https://graph.microsoft.com/v1.0/me', ["https://authorityuri/user.read"]

    Additionally, please note that there are some extra configuration steps required to set up Microsoft Graph for B2C, please make sure you follow the instructions here.

    Also, answering your last question: yes, since the scope that you were initially passing is ['user.read'], it should be changed to ["https://authorityuri/user.read"], i.e., you have to add the B2C Authority URI to your scope, and it should be in the below format.

    ["https://authorityuri/user.read"].

    I hope this above information provided is helpful. Please feel free to reach out to us if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
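
The mismatch the answer points out can be caught before the config reaches MSAL. The following is an added example, not code from the question, the answer, or MSAL itself: `checkB2cAuthority` is a hypothetical helper that checks the `authority` host against `knownAuthorities` and against the `<your-tenant>.b2clogin.com/<your-tenant>.onmicrosoft.com/<your-policyID>` format given in the answer, run here on the two authority values from this thread.

```javascript
// Added example, not from the original thread. checkB2cAuthority is a hypothetical
// helper; it enforces only the format given in the answer:
//   https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>
// Custom domains or tenant-ID paths would need a looser check.
function checkB2cAuthority(auth) {
  const problems = [];
  let url;
  try {
    url = new URL(auth.authority);
  } catch (e) {
    return ["authority is not an absolute URL"];
  }
  if (url.protocol !== "https:") problems.push("authority must use https");

  // knownAuthorities is the list of hosts the app marks as trusted;
  // the authority host has to be one of them.
  const host = url.hostname.toLowerCase();
  const known = (auth.knownAuthorities || []).map((h) => h.toLowerCase());
  if (!known.includes(host)) {
    problems.push(`authority host "${host}" is not listed in knownAuthorities`);
  }

  // The tenant label in the host must be a single DNS label, not a full domain.
  const m = /^([a-z0-9-]+)\.b2clogin\.com$/.exec(host);
  if (!m) {
    problems.push(`authority host "${host}" is not of the form <tenant>.b2clogin.com`);
  }

  const [tenantSegment, policy, ...rest] = url.pathname.split("/").filter(Boolean);
  if (!tenantSegment || !policy || rest.length > 0) {
    problems.push("authority path must be /<tenant>.onmicrosoft.com/<policy>");
  } else if (m && tenantSegment.toLowerCase() !== `${m[1]}.onmicrosoft.com`) {
    problems.push(`path tenant "${tenantSegment}" does not match host tenant "${m[1]}"`);
  }
  return problems;
}

// Values copied from the question (first) and from the answer's correction (second).
const questionAuth = {
  authority: "https://linkbridgeb2c.onmicrosoft.com.b2clogin.com/linkbridgeb2c.onmicrosoft.com/B2C_1_signin1",
  knownAuthorities: ["linkbridgeb2c.b2clogin.com"],
};
const correctedAuth = {
  authority: "https://linkbridgeb2c.b2clogin.com/linkbridgeb2c.onmicrosoft.com/B2C_1_signin1",
  knownAuthorities: ["linkbridgeb2c.b2clogin.com"],
};
console.log(checkB2cAuthority(questionAuth));
console.log(checkB2cAuthority(correctedAuth));
```

Running such a check at application start-up or in CI reports the untrusted host by name instead of leaving it to surface later as a sign-in error.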
