Skip to content

Commit 25f73f7

Browse files
genlingenlin
committed
fix the typo
1 parent 6612764 commit 25f73f7

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

support/entra/entra-id/app-integration/error-code-aadsts50000-issuing-token-sign-in-service.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -35,11 +35,11 @@ Make sure the client ID is valid and other required parameters are configured co
3535

3636
## Cause 3: Consent-related issues
3737

38-
The error you're referring to occurs during the OAuth2 device authorization grant flow when making a request to the token endpoint. After the user signs in to a browser window and accepts the consent dialog, this error occurs.
38+
This issue can occur in an OAuth2 Device code grant flow to the token endpoint. After the user signs in to a browser window and accepts the consent dialog, this error occurs.
3939

4040
### Solution 3 for cause 3: verify application consent settings
4141

42-
1. Go to the [Azure portal](https//portal.azure.com), make sure that the client application (Service Principal) exists in the tenant's **Enterprise Applications** page. You can search for the application by App ID.
42+
1. Go to the [Azure portal](https://portal.azure.com), make sure that the client application (Service Principal) exists in the tenant's **Enterprise Applications** page. You can search for the application by App ID.
4343
2. Verify that the user has the ability to consent to the application. Check user settings in the **Enterprise Applications** page or review relevant policies affecting user consent.
4444

4545
## Cause 4: Symmetric signing key is used in the application or service principal object
@@ -56,30 +56,30 @@ Microsoft Identity Platform (v2 endpoint) tokens must be signed by a certificate
5656

5757
:::image type="content" source="./media/error-code-aadsts50000-issuing-token-sign-in-service/manifest-sample.png" alt-text="Application Manifest Key Credentials" lightbox="/media/error-code-aadsts50000-issuing-token-sign-in-service/manifest-sample.png":::
5858

59-
Alternatively, use the AzureAD PowerShell cmdlet [Get-AzureADApplicationKeyCredential](https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadapplicationkeycredential?view=azureadps-2.0) to retrieve key credentials.
59+
Alternatively, use the AzureAD PowerShell cmdlet [Get-AzureADApplicationKeyCredential](/powershell/module/azuread/get-azureadapplicationkeycredential) to retrieve key credentials.
6060

6161
#### Step 2: Check if symmetric key is used in service principal object
6262

6363
1. If the application is not found in the **App Registrations** page in the Azure portal, browse to the **Enterprise Applications** page.
6464
2. Locate the application, and then get the **Object ID** of the Service Principal.
65-
3. Use the AzureAD PowerShell cmdlet [Get-AzureADServicePrincipalKeyCredential](https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadserviceprincipalkeycredential?view=azureadps-2.0) to retrieve key credentials.
65+
3. Use the AzureAD PowerShell cmdlet [Get-AzureADServicePrincipalKeyCredential](/powershell/module/azuread/get-azureadserviceprincipalkeycredential) to retrieve key credentials.
6666

6767
#### Step 3: Remove symmetric signing key
6868

6969
If the symmetric key exits, use:
7070

71-
- [Remove-AzureADApplicationKeyCredential](/powershell/module/azuread/remove-azureadapplicationkeycredential?view=azureadps-2.0) to remove the symmetric key for the app registration.
72-
- [Remove-AzureADServicePrincipalKeyCredential](/powershell/module/azuread/remove-azureadserviceprincipalkeycredential?view=azureadps-2.0) to remove the symmetric key for the service principal object.
71+
- [Remove-AzureADApplicationKeyCredential](/powershell/module/azuread/remove-azureadapplicationkeycredential) to remove the symmetric key for the app registration.
72+
- [Remove-AzureADServicePrincipalKeyCredential](/powershell/module/azuread/remove-azureadserviceprincipalkeycredential) to remove the symmetric key for the service principal object.
7373

74-
If a signing key is required, use a signing certificate instead. For more information, see [SAML-based single sign-on: Configure a signing certificate](/graph/application-saml-sso-configure-api?tabs=http%2Cpowershell-script#step-6-configure-a-signing-certificate)
74+
If a signing key is required, use a signing certificate instead. For more information, see [SAML-based single sign-on: Configure a signing certificate](/graph/application-saml-sso-configure-api?tabs=http%2Cpowershell-script#step-6-configure-a-signing-certificate).
7575

7676
## Cause 5: No delegated permission exposed in the resource application (web API)
7777

7878
This error can occur in the following scenario:
7979

8080
- You have a multitenant resource application registered in tenant A. This application exposes only **Application Permission** type.
8181
- In a different tenant B, you have a client application registered. In the **API permission** page for this application, you configure the permission for the resource application registered in the other tenant.
82-
- Then, you use an OAuth 2 delegated grant flow (for instance auth code grant flow) to request an access token for the resource app using the `/.default` for the web API scope.
82+
- Then, you use an OAuth2.0 On-Behalf-Of (delegation) flow to request an access token for the resource app with the `/.default` for the web API scope.
8383

8484
### Solution for cause 5
8585

0 commit comments

Comments
 (0)