AADSTS70005: response_type 'id_token' is not enabled for the application

AADSTS70005: response_type 'id_token' is not enabled for the application

I get the above error even after setting "oauth2AllowImplicitFlow": true in the manifest.


Make sure you don't have two instances of the key oauth2AllowImplicitFlow in your manifest - in my case I had added the key but it was present already with the value set to false. Hopefully this solves the issue:)

Try this:

  1. Go to portal.azure.com and select your directory.

  2. Go to Azure AD, then select App registration (preview).

  3. Select the app you are trying to authenticate (you should already have registered it).

  4. Go to the Authentication tab.

  5. Check "ID tokens" in the Advanced Settings section (see the bottom of the attached image).

This has worked for me.

I got the error:

AADSTS700054: response_type 'id_token' is not enabled for the application.

And the resolution was setting:

{
"oauth2AllowIdTokenImplicitFlow" : true
}

in Azure Active Directory App Manifest
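The duplicate-key pitfall and the two manifest flags mentioned in the answers above can be checked offline on a downloaded copy of the manifest. This is an added example, not code from any of the answers; the `audit_manifest` helper and the sample manifest are constructed for illustration.

```python
import json

# Manifest keys named in the answers on this page.
IMPLICIT_KEYS = ("oauth2AllowImplicitFlow", "oauth2AllowIdTokenImplicitFlow")


def audit_manifest(text):
    """Parse an app manifest and report duplicate keys and implicit-flow flags.

    Returns (duplicates, flags):
      duplicates: {key: [values in file order]} for keys repeated in one object
      flags: {key: effective value, or None if absent} for IMPLICIT_KEYS
    """
    duplicates = {}

    def collect(pairs):
        # object_pairs_hook sees every key/value pair before the parser
        # collapses repeats, so a second copy of a key is still visible here.
        seen = {}
        for key, value in pairs:
            seen.setdefault(key, []).append(value)
        for key, values in seen.items():
            if len(values) > 1:
                duplicates.setdefault(key, []).extend(values)
        # Keep the last value, which is what json.loads does by default.
        return {key: values[-1] for key, values in seen.items()}

    manifest = json.loads(text, object_pairs_hook=collect)
    flags = {key: manifest.get(key) for key in IMPLICIT_KEYS}
    return duplicates, flags


# Constructed sample: the key was added as true while another copy says false.
SAMPLE = """
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "oauth2AllowImplicitFlow": false,
  "oauth2AllowIdTokenImplicitFlow": false,
  "oauth2AllowImplicitFlow": true
}
"""

if __name__ == "__main__":
    dups, flags = audit_manifest(SAMPLE)
    for key, values in dups.items():
        print(f"duplicate key {key!r}: values in file order {values}")
    for key, value in flags.items():
        print(f"{key} = {value}")
```

Any key reported as a duplicate should be reduced to a single entry before the manifest is saved, since a plain JSON parse hides the conflict.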

I was facing a similar issue, and when I visited the Active Directory -> App registrations page, it wasn't showing the new UI.

Also, it doesn't allow me to set the flag in the metadata. I found the workaround for this.

https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Authentication/quickStartType//sourceType/Microsoft_AAD_IAM/appId/9bab1d75-34b8-475b-abfe-5a62c6f01234/objectId/a4b459c1-7753-400c-8f8f-46fb5451234/isMSAApp//defaultBlade/Overview/servicePrincipalCreated/true

First log in to your instance, then modify the above URL to paste in the object ID and application ID of your application.

Then it should show the screen @Mosè Bottacini posted.

Error: OpenIdConnectMessage.Error was not null, indicating an error. Error: 'unsupported_response_type'. This error occurred because Azure AD did not return any access tokens or ID tokens. The check boxes need to be enabled in Azure AD for it to return tokens after authentication is done.

How to solve: go to Azure AD => App registration => click the Authentication tab => enable the Access tokens and ID tokens check boxes.

If you are building a client-side application, you need to include an implicit flow from the application manifest.

"oauth2AllowImplicitFlow": true,

  1. Open the application settings in the Azure portal, and load the manifest file from the "Manifest" menu.

  2. Search for oauth2AllowImplicitFlow and change the value to true.

  3. Load the file again via the same menu.

  4. Exit and re-enter the app and it will work.

The implicit grant type is used for mobile applications and web applications (for example, applications that run in a web browser) where the confidentiality of the client secret is not guaranteed.

More information about oauth2 implicit flow

Introduction to OAuth 2

Tip: For the Implicit grant, use response_type=token to include an access token. An alternative is to use response_type=id_token token to include both an access token and an ID token.

Step by Step Configuration Configure SSO

Make sure you have selected ID tokens (used for implicit and hybrid flows). You can do this from the Authentication blade of your app in Azure AD. See screenshot below.

Or go to the Manifest blade and set oauth2AllowIdTokenImplicitFlow to true. See screenshot below.

It is true like a lot of you are saying that you need to enable ID tokens (used for implicit and hybrid flows) if you really need the ID Token.

AADSTS700054: response_type 'id_token' is not enabled for the application.

However, if you use an Authorization Code Flow you don't really need it. Microsoft OpenID Connect authentication (Microsoft.AspNetCore.Authentication.OpenIdConnect) uses id_token as the default ResponseType for OpenIdConnect and JwtSecurityTokenHandler.


Using AddOpenIdConnect you can set ResponseType to OpenIdConnectResponseType.Code or simply "code" and then you don't need the id_token at all.

Working example with Azure Ad and IdentityServer:

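// Namespace that defines OpenIdConnectResponseType.
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

services.AddAuthentication()
    .AddOpenIdConnect("aad", "Azure AD", options =>
    {
        options.ClientSecret = "<ClientSecret>";
        // Authorization code flow: no id_token is requested from the
        // authorize endpoint, so the "ID tokens" setting is not needed.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.ClientId = "<ClientId>";
        options.Authority = "https://login.microsoftonline.com/<TenantId>/";
        options.CallbackPath = "/signin-oidc";
    })
    .AddIdentityServerJwt();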

http://docs.identityserver.io/en/latest/topics/signin_external_providers.html