July 17, 2025
Normally, the Azure AD B2C error “80131500” (“Invalid username or password”) occurs because you have used the wrong client_id in the extension custom policy.
However, I came across a weird instance of this error.
It was to do with how they configured the Application ID URI under “Expose an API”.
The official reference is here.
“Next, expose the API by adding a scope:
- In the left menu, under Manage, select Expose an API.
- Select Add a scope, then select Save and continue to accept the default application ID URI.
- Enter the following values to create a scope that allows custom policy execution in your Azure AD B2C tenant:
  - Scope name: user_impersonation
  - Admin consent display name: Access IdentityExperienceFramework
  - Admin consent description: Allow the application to access IdentityExperienceFramework on behalf of the signed-in user.”
I had a client who made the Application ID URI:
https://tenantprod.onmicrosoft.com/tenantprod/user_impersonation
instead of:
https://tenantprod.onmicrosoft.com/tenantprod
which caused the “user_impersonation” scope to be:
https://tenantprod.onmicrosoft.com/tenantprod/user_impersonation/user_impersonation
instead of:
https://tenantprod.onmicrosoft.com/tenantprod/user_impersonation
This caused the following error when the user tried to sign in:
{
  "Key": "Exception",
  "Value": {
    "Kind": "Handled",
    "HResult": "80131500",
    "Message": "Invalid username or password.",
    "Data": {
      "IsPolicySpecificError": false
    }
  }
}
All good!
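The check below is an added example, not code from the original post: it reads an app registration's JSON and flags an Application ID URI that already ends in one of its own scope names, which is the misconfiguration described above. It assumes the registration uses the Microsoft Graph property names identifierUris and api.oauth2PermissionScopes; the sample data is constructed from the URIs shown in this post, and the function names are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample: a trimmed app registration using the Microsoft Graph
# property names identifierUris and api.oauth2PermissionScopes (assumption).
SAMPLE_BAD = json.loads("""{
  "displayName": "IdentityExperienceFramework",
  "identifierUris": ["https://tenantprod.onmicrosoft.com/tenantprod/user_impersonation"],
  "api": {"oauth2PermissionScopes": [{"value": "user_impersonation", "isEnabled": true}]}
}""")


def scope_names(app):
    """Return the short scope names defined under 'Expose an API'."""
    return [s["value"] for s in app.get("api", {}).get("oauth2PermissionScopes", [])]


def full_scopes(app):
    """Return every full scope string: <Application ID URI>/<scope name>."""
    return [f"{uri.rstrip('/')}/{name}"
            for uri in app.get("identifierUris", [])
            for name in scope_names(app)]


def find_doubled_scopes(app):
    """Flag Application ID URIs whose last path segment is itself a scope name."""
    names = set(scope_names(app))
    findings = []
    for uri in app.get("identifierUris", []):
        segments = [p for p in urlparse(uri).path.split("/") if p]
        if segments and segments[-1] in names:
            name = segments[-1]
            base = uri.rstrip("/")
            findings.append({
                "uri": uri,
                # The scope the platform actually publishes for this URI
                "actual_scope": f"{base}/{name}",
                # The URI with the trailing scope name removed
                "suggested_uri": base[: -len(name) - 1],
            })
    return findings


if __name__ == "__main__":
    for finding in find_doubled_scopes(SAMPLE_BAD):
        print(json.dumps(finding, indent=2))
```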
Azure AD B2C error “80131500” “Invalid username or password” was originally published in The new control plane on Medium, where people are continuing the conversation by highlighting and responding to this story.