Apr 19 2024 06:54 AM
We are developing a multi-tenant application where users can request new business tenants through the main domain by specifying a subdomain for each. We use the Graph API to automate the creation of specific App Registrations in Azure AD B2C for each tenant's subdomain.
After the App Registration is created, attempting an immediate sign-in with Azure B2C results in a failure with the following error:
https://webuilduat.b2clogin.com/webuilduat.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/token 400 (Bad Request) "AADB2C90205: This application does not have sufficient permissions against this web resource to perform the operation."
This error persists until about 30 minutes post-creation, after which sign-in functions normally. We ensure that all required scopes are correctly configured in the App Registration. This delay leads us to suspect issues with resource propagation.
What causes the AADB2C90205 error specifically when attempting immediate sign-ins post-App Registration creation?
Are there known strategies to mitigate this delay or expedite the propagation process so that authentication becomes promptly available after creating a new App Registration?
Your insights on this would be greatly appreciated as they could significantly improve our application's user experience by reducing wait times for new tenant setups.