Server error occured while using B2C on Azure API Management Develop portal
I want to add the ability to sign in or up for my APIM developer portal via any Microsoft account type (personal or corporate, work ...).
I have uploaded SocialAndLocalAccounts custom policy from the starter pack (removed the Facebook provider and added AADCommon-OpenIdConnect) - I have attached these files below.
I have errors while I'm trying to sign up via a local or Microsoft account.
Let's try to look Microsoft account (multitenant)
Click "Multi-Tenant ADD" button
When you filled the email and password, you will be redirected to webPortal.com/signup-oauth#provider=AadB2C&token=eyJhbGciOiJSUzI1NiIsImtpZ...
Looks like, all is good except that we have lost the session, and when we press "sign up" button, we get an exception:
the JWT token
Similar behavior I have when I try to sign up via a local account, but on the first step - record with user created in b2c tenant and then we can sign in by login and password:
When I filled email and password and confirmed email address, this one error, and 401 error code for "/identity", and 403 for "/users" endpoints .
- The requests to Users and Identity have a header: Authorization: AadB2C
id_token="eyJhbGciOiJSUzI1NiIsImtpZC....."
- The requests to Users and Identity have a header: Authorization: AadB2C
id_token="eyJhbGciOiJSUzI1NiIsImtpZC....."
When I try to click "Microsoft Account" again - server redirects me to this one page:
The jwt from the local account is this one:
So, Azure Active Directory B2C tenant has:
- App registrations - apimb2cdemo with secret code, that I have set to APIM Identity (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
- SocialAndLocalAccounts custom policy from the starter pack (Attached)
- app registrations - ProxyIdentityExperienceFramework - app (Accounts in this organizational directory only (Tenant only - Single tenant))
- app registrations - IdentityExperienceFramework - app (Accounts in this organizational directory only (Tenant only - Single tenant))
- app registrations - webapp1 - app (just for testing - jwt.ms) (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
APIM Developer portal tenant has:
- app registrations - Azure AD B2C App with secret code, that I have set to my ClaimsProvider in TrustFrameworkExtensions
Redirect URL: https://your-b2c-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp
(Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)) - Here, I chose a different option compared to the article
new one Identity provider in APIM Developer portal Menu
Azure Active Directory B2C - has reference to apimb2cdemo app with id and secret key and custom policy name and Client library - MSAL.
For this task, I am using these tutorials:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy (from 1 to 3 tutorials)
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad-b2c
Here I have left custom policies that I'm using - https://drive.google.com/drive/folders/1F1uBgF1R96dTUVziNOrw2WTH6dd_xCUH?usp=sharing
I have no idea what happened and why I have faced these issues, could you please assist me with this issue?
I'm looking forward to any ideas and solutions.
Thank you in advance!
I'm glad to inform you that I have fixed this issue.
In my case: I have changed to ADAL library and missed a claim (oid).
User’s ObjectID(oid) and Subject(sub) claims in AADB2C token are necessary for APIM to identify the caller of APIM user creation call from developer portal. Lacking either of these two claims will cause AccessDenied issue.
- Use managed identity of the web app to manage b2c using graph api
- Azure AD B2C error AADB2C90057 when I am NOT trying to use the implicit flow
- no email in claim when logging on via Entra ID
- Azure B2C App Always Redirects to <domain>/MicrosoftIdentity/Account/Error
- How to Implement Direct Username and Password Login with Azure AD B2C in Flutter without Using Microsoft's UI?
- How to properly restrict access to an azur eweb application?
- Azure Tenant setup for .NET Blazor WASM calling Web API + Microsoft Graph
- I am not able to import the powershell module Microsoft.Graph.Entra.Beta
- B2C Custom Policy: Error changing localAccountPasswordReset Content selfAsserted policy version beyond 1.1.0
- Non Verified Domain as IdntifierUri for Azure B2C IEF Application
- B2C authentication not returning access_token
- How to disable authentication during the start up of an ASP.NET Core 5 Blazor B2C application?
- Email address empty when trying to read it out at the back end
- Creating a user in Azure AD B2C through Microsoft SSO
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Error trying to add JavaScript to Azure B2C Local Signup Page
- Claim groups is not supported in Azure Active Directory Provider
- Getting access token in Blazor WASM Standalone
- Azure AD B2C password expiration
- Creating authentication flow in .NET MAUI app for Azure AD B2C
- Limit Azure Active Directory Registrations
- Custom policy to send OTP code via sendgrid gives exception about otpToVerify not being found but required
- AzureAd .NET - React running on same domain
- Azure B2C: MFA With Email. Field Blank
- How to troubleshoot RESTful endpoint response in custom policy?
- Azure AD B2C - Can I host custom UI pages on private server?
- Microsoft: Unable to resolve Configuration with the provided Issuer
- Getting Redirect URI Mismatch error in Azure AD b2C
- Trigger azure function on user registration in b2c
- Azure AD B2C IEF custom sign-up policy grab query parameters