
Fix AADB2C90018: 3 Fast Steps for Client ID in 2025

Stuck on Azure error AADB2C90018? Learn to fix this frustrating client ID issue in 3 fast steps for 2025. Get your B2C authentication working now!


David Chen

Microsoft Certified Azure Solutions Architect specializing in identity and access management.


You’ve been coding for hours. The new authentication flow using Azure AD B2C is finally ready. You push the changes, fire up the application, and click the login button, filled with anticipation. And then… BAM. A stark, unhelpful error page appears, cryptically mentioning AADB2C90018 and that "the user is not authenticated."

Your heart sinks. It sounds like a user problem, but that error code is a dead giveaway. This isn't about user credentials; it's a configuration breakdown between your application and Azure. It’s one of the most common—and frustrating—hiccups developers face when implementing B2C, but don't worry. It's almost always a simple fix.

This guide will cut through the noise and show you exactly how to diagnose and resolve the AADB2C90018 error in three straightforward steps. Let's get your users logging in again.

What is the AADB2C90018 Error, Really?

Before we dive into the fix, let's understand the message Azure is sending us. The error code AADB2C90018 translates to a simple statement: "The client ID '[your_client_id]' specified in the request is not registered in tenant '[your_tenant_name]'."

In plain English, your application sent an authentication request to an Azure AD B2C tenant, but the tenant looked at the client_id (also known as the Application ID) and said, "I have no idea who you are."

This isn't a bug; it's a critical security feature. It prevents unauthorized applications from even attempting to use your B2C user flows. The problem arises from a simple mismatch. Your application is knocking on the door with the wrong key. Our job is to find the right key and make sure the application is using it correctly.

Step 1: Scrutinize Your B2C Application Registration

Our first stop is the source of truth: the Azure portal. This is where your application is defined and where its unique identifier—the Client ID—lives. A single typo here can derail the entire process.

How to Find the Correct Client ID

  1. Log in to the Azure Portal.
  2. Navigate to your Azure AD B2C tenant. (Crucial: Make sure you're in the correct directory/tenant where your B2C application is registered!)
  3. In the left-hand menu, under "Manage," select App registrations.
  4. Find and click on the specific application you are trying to configure (e.g., "MyWebApp," "com.mycompany.mobileapp").
  5. You'll land on the application's Overview page. The value you need is prominently displayed: Application (client) ID.

It will be a GUID (Globally Unique Identifier) that looks something like this: 12345678-abcd-1234-abcd-1234567890ab.


Action: Use the "copy to clipboard" icon next to the ID. This eliminates the risk of typos from manual transcription. Don't trust your memory or a sticky note; copy the value directly from the portal. This is your master key.

Step 2: Audit Your Application's Configuration File

Now that you have the correct Client ID on your clipboard, it's time to check where your application is actually getting it from. This is, by far, the most common point of failure. A tiny discrepancy between the portal and your code's configuration is all it takes to trigger AADB2C90018.

The location of this setting depends on your application's framework.

For ASP.NET Core (appsettings.json)

In modern .NET applications, you'll find this in your appsettings.json file, or an environment-specific version like appsettings.Development.json.

{
  "AzureAdB2C": {
    "Instance": "https://yourtenant.b2clogin.com",
    "Domain": "yourtenant.onmicrosoft.com",
    "ClientId": "12345678-abcd-1234-abcd-1234567890ab", // <-- PASTE THE CORRECT ID HERE
    "SignUpSignInPolicyId": "B2C_1_signup_signin",
    // ... other settings
  }
}

Action: Paste the Client ID you copied from the Azure portal directly into the ClientId field. Check for any hidden characters or spaces that your editor might have added.

For Legacy ASP.NET (Web.config)

For older .NET Framework applications, your settings are likely in the Web.config file under the <appSettings> section.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="ida:Tenant" value="yourtenant.onmicrosoft.com" />
    <add key="ida:ClientId" value="12345678-abcd-1234-abcd-1234567890ab" /> <!-- PASTE HERE -->
    <add key="ida:SignUpSignInPolicyId" value="B2C_1_signup_signin" />
    <!-- ... other settings -->
  </appSettings>
  <!-- ... -->
</configuration>

Action: Replace the value for the ida:ClientId key with the one from the portal. Be extra careful with XML syntax.

Pro Tip: Are you working with multiple environments (Dev, Staging, Prod)? Double-check that you are editing the correct configuration file or using the correct environment variable. It's incredibly common to have a valid Production Client ID accidentally configured in your Development environment, which points to a different B2C tenant.

Step 3: Validate the B2C Tenant and Policy

If you've verified the Client ID is a perfect match and you're still seeing the error, the issue might be one level higher: you could be talking to the wrong B2C tenant entirely.

Remember the error message: "...not registered in tenant '[your_tenant_name]'." The Client ID is unique per tenant. A Client ID from your `mycompany-dev` tenant will not be recognized by your `mycompany-prod` tenant.

In your configuration file, look for the setting that defines the B2C instance or authority URL. It usually looks like this:

  • Instance: https://yourtenant.b2clogin.com
  • Authority: https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1_your_policy

Action: Compare the yourtenant part of this URL with the tenant name you see in the Azure portal where you copied the Client ID from. If you copied the ID from `mycompany-prod.onmicrosoft.com` but your config file points to `https://mycompany-dev.b2clogin.com`, you've found the problem. Your app is using a valid key on the wrong lock.

Ensure that the tenant name in your config URL matches the tenant where the App Registration exists. This simple cross-reference solves a surprising number of AADB2C90018 errors that persist after checking the ID itself.
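The checks from Steps 2 and 3 can be run as a preflight before deployment. The following is an added example, not code from the original article or from Microsoft tooling: `load_appsettings` and `audit_b2c` are hypothetical helper names, the sample configuration is constructed, and the portal values are assumed to be the ones you copied by hand from the App Registration's Overview page.

```python
import json
import re
import unicodedata
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')  # a JSON string, or a // comment

def load_appsettings(text):
    """Parse appsettings.json text, tolerating // comments and trailing commas."""
    text = TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    text = re.sub(r",(\s*[}\]])", r"\1", text)  # simplification: assumes no ",}" inside strings
    return json.loads(text)

def audit_b2c(settings, portal_client_id, portal_tenant):
    """Compare config with values copied from the portal; an empty list means they agree."""
    b2c = settings["AzureAdB2C"]
    findings = []
    cid = b2c.get("ClientId", "")
    hidden = [unicodedata.name(c, hex(ord(c))) for c in cid
              if c.isspace() or unicodedata.category(c) in ("Cf", "Cc")]
    if hidden:
        findings.append("ClientId contains hidden characters: " + ", ".join(hidden))
    elif not GUID.fullmatch(cid):
        findings.append("ClientId is not a well-formed GUID")
    elif cid.lower() != portal_client_id.lower():
        findings.append("ClientId differs from the portal's Application (client) ID")
    host = urlparse(b2c.get("Instance", "")).hostname or ""
    instance_tenant = host.removesuffix(".b2clogin.com")
    domain_tenant = b2c.get("Domain", "").removesuffix(".onmicrosoft.com")
    for label, value in (("Instance", instance_tenant), ("Domain", domain_tenant)):
        if value.lower() != portal_tenant.lower():
            findings.append(f"{label} points at tenant '{value}', expected '{portal_tenant}'")
    return findings

# Constructed sample: dev tenant left in Instance, zero-width space pasted after the GUID.
SAMPLE = '''{
  "AzureAdB2C": {
    "Instance": "https://mycompany-dev.b2clogin.com",
    "Domain": "mycompany-prod.onmicrosoft.com",
    "ClientId": "12345678-abcd-1234-abcd-1234567890ab\\u200b", // pasted from a chat message
    "SignUpSignInPolicyId": "B2C_1_signup_signin",
  }
}'''

if __name__ == "__main__":
    print(audit_b2c(load_appsettings(SAMPLE), "12345678-abcd-1234-abcd-1234567890ab", "mycompany-prod"))
```

Run against the sample, it reports the invisible character in ClientId and the Instance URL that still points at the dev tenant, the two mismatches that look identical to a correct file in most editors.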

Quick Fix Table: Common Mistakes & Solutions

Here’s a quick reference table to help you spot the issue faster.

| Symptom / Common Mistake | Likely Cause | Solution |
| --- | --- | --- |
| Error appears after pulling latest code from source control. | A teammate checked in a config file pointing to their dev tenant or with a different Client ID. | Verify appsettings.json or Web.config. Use .NET's user secrets or environment variables to avoid checking in sensitive keys. |
| Error only happens in Production, not Dev. | The deployment pipeline used the wrong configuration transform or environment variable for the Client ID or Tenant Name. | Inspect the deployed application's configuration on the server. Verify your CI/CD pipeline variables for Production. |
| You copied the ID, but it still fails. | You might have copied the Object ID or Tenant ID instead of the Application (client) ID from the Azure portal. | Go back to the App Registration's "Overview" page and ensure you are copying the value explicitly labeled "Application (client) ID". |
| You're 100% sure the ID and Tenant are correct. | A subtle issue with the request URL construction, often related to the policy name. | Check that the SignUpSignInPolicyId (or equivalent) in your config exactly matches the User Flow name in your B2C tenant. A typo like B2C_1_signin vs B2C_1_SignIn can matter. |

Conclusion: Banish AADB2C90018 for Good

The AADB2C90018 error feels daunting, but it almost always boils down to a simple configuration mismatch. By systematically checking these three areas, you can quickly resolve the issue and move on to more important work.

To recap our three fast steps for 2025 and beyond:

  1. Source of Truth: Get the exact Application (client) ID from the correct App Registration in the Azure portal.
  2. Application Config: Paste that ID into your application's configuration file (appsettings.json or Web.config), ensuring you're editing the right file for your environment.
  3. Tenant Context: Verify that your application's configuration points to the correct B2C tenant URL—the same tenant where the app is registered.

Next time you see this error, don't panic. Take a deep breath, follow these steps, and you'll have it fixed in minutes. Happy coding!
