azureazure-ad-b2cidentity-experience-framework

Error messages from REST API call is not showing in B2C custom policy


I have a self asserted technical profile in my custom policy, it have a validation technical profile which is a REST API (azure function) call. I'm not directly calling the azure function from policy, from policy will call azure APIM and APIM will pass the request to azure function.

The problem I'm facing is when my function returns a custom error message it is not showing as expected in policy.

return new OkObjectResult(new ResponseContentModel
      {
       userMessage = "Sorry, Please provide valid information ",
       status = 409,
       retryCounter = data.RetryCounter
     });

My technical profile is as follows:

<TechnicalProfile Id="Registration">
          <DisplayName>Email signup</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
            <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
            <Item Key="language.button_continue">Activate Account</Item>
            <!-- Sample: Remove sign-up email verification -->
            <Item Key="EnforceEmailVerification">False</Item>
            <Item Key="setting.retryLimit">5</Item>
          </Metadata>
          <InputClaimsTransformations>
            <!--Sample: Copy the email to ReadOnlyEamil claim type-->  
            <InputClaimsTransformation ReferenceId="CreateReadOnlyEmailAddress" />
          </InputClaimsTransformations>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" />
            <InputClaim ClaimTypeReferenceId="givenName" />
            <InputClaim ClaimTypeReferenceId="surname" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" DefaultValue="123" />
            <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="tncCheckbox" Required="true" />

            <OutputClaim ClaimTypeReferenceId="retryCounter" DefaultValue="0" />
            <OutputClaim ClaimTypeReferenceId="isFound" DefaultValue="false" />
            <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication"/>
            <OutputClaim ClaimTypeReferenceId="newUser" DefaultValue="true" />
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="API-Validate-UserInfo" />
            <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
          </ValidationTechnicalProfiles>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>

The REST API validation technical profile is as follows:

<TechnicalProfile Id="API-Validate-UserInfo">
                <DisplayName>User OTP Notifications</DisplayName>    
                <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
                <Metadata>
                  <Item Key="ServiceUrl">https://myapimurl</Item>
                  <Item Key="SendClaimsIn">Body</Item>                        
                  <Item Key="AuthenticationType">ClientCertificate</Item>
                </Metadata>
                <CryptographicKeys>
                    <Key Id="ClientCertificate" StorageReferenceId="B2C_1A_APIMClientCertificate" />
                </CryptographicKeys>
                <InputClaims>
                    <InputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="GivenName" />
                    <InputClaim ClaimTypeReferenceId="surname" PartnerClaimType="SurName"/>
                    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="Email"/>
                    <InputClaim ClaimTypeReferenceId="retryCounter" PartnerClaimType="RetryCounter"/>
                </InputClaims>
                <OutputClaims>
                  <OutputClaim ClaimTypeReferenceId="retryCounter" />
                  <OutputClaim ClaimTypeReferenceId="isFound" />
                </OutputClaims>
                <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
            </TechnicalProfile>

Error message showing in the UI is:

The claims exchange 'API-Validate-UserInfo' specified in step '5' returned HTTP error response with Code 'BadRequest' and Reason 'Bad Request'.

About the function, i'm using .net core 3.1 and function runtime version is ~3


Solution

  • Found the issue referred this article. Need to include version into the response message version, status and userMessage are mandatory fields for error response message.

    {
      version = "1.0.0",
      userMessage = "Sorry, Something happened unexpectedly. Please try after sometime.",
      status = 409,
     }