Setting SignInAudiences in aadb2c-create-test-webapp.ps1 fails.

[b3nt0]

@cljung

I'm getting an error from the HTTP PATCH operation at the end of "aadb2c-create-test-webapp.ps1".

Error output is:

Invoke-RestMethod : { "error": { "code": "InvalidAccessTokenVersion", "message": "One or more properties contains invalid values.", "innerError": { "date": "2020-08-18T12:49:22", "request-id": "bcc86468-903d-4e7f-8f57-9e558b8f8bab" } } } At C:\Users\joshu\source\repos\test\aadb2c-create-test-webapp.ps1:71 char:1 Invoke-RestMethod -Uri $apiUrl -Headers @{Authorization = "Bearer $($ ...

I've tried different values for the URL's including the beta graph endpoint and v2 token endpoint. I should also mention that I've created a new tenant and followed the getting started instructions.

I didn't think that it was even possible to set the value of SignInAudiences to the value of "AzureADandPersonalMicrosoftAccount" without going through the portal?

[b3nt0]

I was able to find a solution.

The $body variable at the bottom of the script that is included in the PATCH request needs to look like this:

$body = @{ api = @{ requestedAccessTokenVersion = 2 } SignInAudience = "AzureADandPersonalMicrosoftAccount" }
Once that has been included you can create a B2C application successfully.

This was obnoxiously hard to find. Just saying.

[thewisenerd]

using the azure CLI, please ignore this comment if irrelevant,

az rest --method PATCH --uri "https://graph.microsoft.com/v1.0/applications(appId='xx')" --body '{"api": {"requestedAccessTokenVersion": 2}, "signInAudience":"AzureADandPersonalMicrosoftAccount"}'