Windows Live Error: "Error retrieving AzureAD profile"

Overview

The following error appears in the tenant logs when users create their account during login via the WindowsLive social login.

"description": "Error retrieving AzureAD profile"

Solution

On October 26th, 2017 Microsoft announced the deprecation of the Live Connect API and Live SDK. This is a Microsoft deprecation that will affect Auth0 customers using the Microsoft social connection. Affected customers were notified at the time.

These are the steps required to fix the problem:

  1. Open the Microsoft Account connection in the Dashboard.
  2. Select “Azure AD (personal accounts)” in the ‘Strategy Version’ field. Once this step has been completed, user authentication will be performed using Azure Active Directory v2.
  3. If your applications call Microsoft’s APIs, migrate from Live SDK to Microsoft Graph.

The solution above should help users who already have an active Microsoft account. However, if users sign up for a Microsoft account during login through Auth0, their profile will be only partially provisioned on Microsoft’s side, and Auth0 will fail to retrieve the user profile from Microsoft.

This issue can be resolved by having the user log in to Microsoft directly once with their new account, which allows the user profile to be fully provisioned. The recommended workaround for this use case is to display an error message on the application side that guides the user through the necessary steps.

For example, when login fails with this particular error message, the application may present the user with a message like the following.

Please sign in to Microsoft with your recently created account and try to log in again.
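
One way to implement the application-side message described above, as an added example that is not Auth0's code. It assumes the application's callback URL receives the OAuth 2.0 error parameters (error, error_description) and that the description contains the text seen in the tenant logs; the function name, error codes, fallback text and sample URLs are constructed for illustration. The description is only matched against, never echoed to the user, because it arrives in the query string and is untrusted input.

```javascript
// Added example, not Auth0's code. Assumption: the callback carries
// `error` and `error_description`, and the description contains the
// "Error retrieving AzureAD profile" text shown in the tenant logs.

// Fixed, application-owned messages keyed by a pattern on error_description.
const KNOWN_LOGIN_ERRORS = [
  {
    pattern: /error retrieving azuread profile/i,
    code: "ms_profile_not_provisioned", // hypothetical application code
    message:
      "Please sign in to Microsoft with your recently created account and try to log in again.",
  },
];

// Constructed fallback text for any error that is not recognised.
const GENERIC_MESSAGE = "Login failed. Please try again.";

// Returns null when the callback carries no error, otherwise
// { code, message } built only from the constants defined above.
function classifyLoginCallback(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (!params.has("error")) return null;

  // Untrusted input: cap its length and only match against it.
  const description = (params.get("error_description") || "").slice(0, 512);

  for (const known of KNOWN_LOGIN_ERRORS) {
    if (known.pattern.test(description)) {
      return { code: known.code, message: known.message };
    }
  }
  return { code: "login_failed", message: GENERIC_MESSAGE };
}

// Constructed sample callback URLs (app.example is a placeholder host,
// access_denied is a sample error value).
const samples = [
  "https://app.example/callback?error=access_denied&error_description=Error%20retrieving%20AzureAD%20profile",
  "https://app.example/callback?error=access_denied&error_description=%3Cb%3Eunexpected%3C%2Fb%3E",
  "https://app.example/callback?code=abc123&state=xyz",
];
for (const url of samples) {
  console.log(classifyLoginCallback(url));
}
```

Render the returned message as text in the login page and log the code alongside the tenant log entry so that support can correlate the two.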