Server error occured while using B2C on Azure API Management Develop portal
I want to add the ability to sign in or up for my APIM developer portal via any Microsoft account type (personal or corporate, work ...).
I have uploaded SocialAndLocalAccounts custom policy from the starter pack (removed the Facebook provider and added AADCommon-OpenIdConnect) - I have attached these files below.
I have errors while I'm trying to sign up via a local or Microsoft account.
Let's try to look Microsoft account (multitenant)
Click "Multi-Tenant ADD" button
When you filled the email and password, you will be redirected to webPortal.com/signup-oauth#provider=AadB2C&token=eyJhbGciOiJSUzI1NiIsImtpZ...
Looks like, all is good except that we have lost the session, and when we press "sign up" button, we get an exception:
the JWT token
Similar behavior I have when I try to sign up via a local account, but on the first step - record with user created in b2c tenant and then we can sign in by login and password:
When I filled email and password and confirmed email address, this one error, and 401 error code for "/identity", and 403 for "/users" endpoints .
- The requests to Users and Identity have a header: Authorization: AadB2C
id_token="eyJhbGciOiJSUzI1NiIsImtpZC....."
- The requests to Users and Identity have a header: Authorization: AadB2C
id_token="eyJhbGciOiJSUzI1NiIsImtpZC....."
When I try to click "Microsoft Account" again - server redirects me to this one page:
The jwt from the local account is this one:
So, Azure Active Directory B2C tenant has:
- App registrations - apimb2cdemo with secret code, that I have set to APIM Identity (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
- SocialAndLocalAccounts custom policy from the starter pack (Attached)
- app registrations - ProxyIdentityExperienceFramework - app (Accounts in this organizational directory only (Tenant only - Single tenant))
- app registrations - IdentityExperienceFramework - app (Accounts in this organizational directory only (Tenant only - Single tenant))
- app registrations - webapp1 - app (just for testing - jwt.ms) (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
APIM Developer portal tenant has:
- app registrations - Azure AD B2C App with secret code, that I have set to my ClaimsProvider in TrustFrameworkExtensions
Redirect URL: https://your-b2c-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp
(Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)) - Here, I chose a different option compared to the article
new one Identity provider in APIM Developer portal Menu
Azure Active Directory B2C - has reference to apimb2cdemo app with id and secret key and custom policy name and Client library - MSAL.
For this task, I am using these tutorials:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy (from 1 to 3 tutorials)
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad-b2c
Here I have left custom policies that I'm using - https://drive.google.com/drive/folders/1F1uBgF1R96dTUVziNOrw2WTH6dd_xCUH?usp=sharing
I have no idea what happened and why I have faced these issues, could you please assist me with this issue?
I'm looking forward to any ideas and solutions.
Thank you in advance!
I'm glad to inform you that I have fixed this issue.
In my case: I have changed to ADAL library and missed a claim (oid).
User’s ObjectID(oid) and Subject(sub) claims in AADB2C token are necessary for APIM to identify the caller of APIM user creation call from developer portal. Lacking either of these two claims will cause AccessDenied issue.
- Add claims into token Azure B2C
- I am getting an error that OAuth2 Code has already been redeemed
- Azure B2C modify SAML AccessTokenLifetime
- Cannot create Azure B2C Tenant
- My Azure AD B2C User Flow is not returning a token on jwt.ms
- Azure B2C user flow without an email
- Azure B2C Custom Policy - REST Call with Bearer Token from OIDC Step
- how to limit code verification email Spaming in Azure B2C
- Local user accounts not created properly in Azure AD B2C
- How do add device management to TOTP custom B2C policy?
- Server error occured while using B2C on Azure API Management Develop portal
- Changing Default Email Address in Azure AD B2C User Flows Without Custom Policies
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- AADB2C90068: The provided application with ID is not valid against this service. Please use an application created via the B2C portal and try again
- Azure B2c error 'Unable to validate the information provided.' when using custom attributes
- Azure B2C multi-tenant Microsoft Entra ID doesn't allow sign in as another Microsoft account
- In Azure AD B2C who provides the ID token?
- Azure: Use App Gateway for Custom B2C Domain instead of Front Door
- How to add UAE Pass as identity provider to Azure AD B2C
- Configuration in Azure AD B2C for Custom Policies
- Azure B2C - Password Rules Not Reflecting (Signup + Password Reset)
- Need help getting Azure AD B2C SSO with Azure AD
- Azure B2C - confusing expiring fields in refresh token
- Azure Static Web App - Only Allow Authenticated Users (Entra, B2C)
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- How do I programmatically clear or update a phone number for Azure AD B2C MFA?
- B2C - How to override sign up now link (custom policy)
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- B2C Sign-up screen shows {OIDC:LoginHint} instead of the login
- During signIn receiving B2C error code ‘AADB2C99059’