Share via

Entra External ID: OTP Verify button hangs indefinitely when invalid or empty code is submitted

Longlands, Dylan 0 Reputation points
2026-04-08T11:49:43.93+00:00

On the OTP from Email verification page, clicking the "Verify" button with either an empty input or non-numeric characters causes the button to enter a permanent loading state with no error message shown and no way to recover without refreshing the page.

Steps to reproduce:

  1. Trigger an OTP flow (e.g. sign-in with email OTP)
  2. On the OTP entry page, either leave the field empty or enter non-numeric characters
  3. Click the "Verify" button
  4. Observe the form enters a loading state indefinitely
  5. No error message is shown — page must be refreshed, or back button in browser hit, to recover

Expected: Immediate validation error, button remains interactive

Actual: Button hangs in loading state with no feedback

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-04-08T11:49:59.02+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The described behavior indicates a client-side validation or error-handling bug in the OTP verification page for Entra External ID email OTP flows. The expected behavior (inline validation and keeping the button interactive) is not configurable from the available documentation and is not covered by the referenced troubleshooting guidance.

    From the provided context, the only supported guidance around OTP-related failures is:

    • OTP-related sign-up/sign-in errors are surfaced as error codes (for example, 50181 for “Unable to validate the OTP” and 1002027 for “Some of the collected attributes were invalid”). These are intended to be handled by the application or UX layer and remediated by the user (for example, requesting a new OTP or re-entering attributes).
    • For persistent issues that are not resolved by the documented remediation steps, the supported path is to open a support request with Microsoft Entra support.

    Because the issue here is a UX hang with no error surfaced and no documented configuration or workaround in the provided material, the appropriate action is to:

    1. Collect details for support
      • Tenant type and configuration (External ID / B2C or CIAM tenant, user flow or custom policy in use).
      • Exact flow (for example, email OTP sign-in, sign-up, or recovery email verification) and whether it is a built-in page or a custom page.
      • Timestamp, correlation_id, and trace_id from the failing request if available (these are explicitly called out as diagnostic fields for sign-up/native auth errors).
      • Browser and device details, and whether the issue reproduces across different browsers or networks.
    2. Open a Microsoft Entra support request
      • Use the Entra support channel described in the sign-up troubleshooting article to report this as a product issue/bug, including the reproduction steps and diagnostics above.

    If this behavior is occurring inside a custom client that calls the native authentication APIs directly, the client should:

    • Inspect the error, error_description, and error_codes fields in the response when an invalid or empty OTP is submitted.
    • Ensure the UI does not stay in a loading state when an error is returned, and instead shows a validation message and re-enables the Verify button.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.