Social Login with Microsoft

tanu.garg · February 21, 2023, 10:53am

Dear Members,

Issue Description: I’m setting up Social Authentication login via Microsoft using OIDC out of the box functionality of ForgeRock identity Cloud and setup the configuration as directed by documentation and I can see that FIDC get the id_token and access_token in debug window of journey but on the FIDC login page it displays error " Login Failure".
In frodo logs, it shows below:

“401 unauthorized”
nodeoutcome=NO_ACCOUNT
User is already existing in FIDC and also the script “Normalized to Managed User” shows that mail and user name.

We are just stuck here and does not know how to proceed and look further as this OOTB feature is expected to work quite smoothly. Looks like there is something missing which is very small and my eyes cant find it.

Your help in resolving this with your expert advice would be really appreciated!

Thank You,
Tanu

salbertelli01 · February 24, 2023, 10:34pm

Hi Tanu,

Welcome to the Community!
Thank you for the details where you see the id_token and access_token are received as shown in the debug window.

Please let me know if the following integration article is the documentation you followed to set up Social Authentication with Microsoft.

Thank you,

Sheila

tanu.garg · March 21, 2023, 4:01pm

After lot of troubleshooting we realised, this happens when the scope “User.read” is not added. And User.read does not work with certain tenants like outlook.com / microsoftlive

Could you please let me know if you have any idea for any alternate way to get User without User.read scope to be required to be added.

william.hepler · April 5, 2023, 4:02pm

Have you looked at

What AM likely needs is email openid and profile since AM is function as just OAuth.