How To Add Query Params in ADB2C to ADB2C Federated Authentication Using OIDC protocol
I'm trying to Federate from one ADB2C tenant to another ADB2C tenant.
I'm following the doc:
The identity provider tenant has a restriction that the authorization endpoint will work only if the authorization endpoint contains a list of specific query parameters. However, since the authorize endpoint is self constructed in ADB2C using Well-known openid config, I'm not sure how I would be able to add the query params to the authorize endpoint.
I tried to add the query params as Item Key as follows which isn't working:
I also tried to add the query params directly to Metadata which says incorrect xml format. Example:
Both the above approach aren't working. I'm thinking of using OAuth2 Protocol provider and test if I could do something with it. But I doubt that's even possible. Anyone else has any solution for this
You can add additional query string parameters to the /authorize request by adding them as additional input parameters to the OpenID Connect technical profile:
<InputClaims>
<InputClaim ClaimTypeReferenceId="domain_hint" DefaultValue="contoso.com" />
</InputClaims>
You can do the usual InputClaims things of mapping to claims that already have values or setting the name of the query string parameter as something separate to the name of the claim
<!-- domainHint has been pre-populated, e.g. based on user's email domain -->
<InputClaims>
<InputClaim ClaimTypeReferenceId="domainHint" PartnerClaimType="domain_hint" />
</InputClaims>
Your metadata XML issue is something slightly separate. There you need to escape the ampersands:
<Item Key="METADATA">{base-path}/.well-known/openid-configuration?query_1=value&query2=value&query_3=value</Item>
Though unless you need to pass fixed query string parameters to the OIDC metadata endpoint there's no need to do that at all.
- oAuth2.0: Why need "authorization-code" and only then the token?
- How To Add Query Params in ADB2C to ADB2C Federated Authentication Using OIDC protocol
- how to Get token from URL?
- (Tauri) Can't refresh access token in cloud function - invalid_grant
- Google OAuth 2 authorization - Error: redirect_uri_mismatch
- Is there an authorization server that I can use to test a client implementation of OAuth 2.0?
- Where is the list of which Google OAuth2 scopes are considered "sensitive"?
- Unable to use package "golang.org/x/oauth2" to authenticate with facebook: "Missing redirect_uri parameter"
- Right way for access token flow between microservices secured with OAuth/OIDC
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Use delegated permissions on a daemon using Microsoft Graph
- Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
- linkedin oauth authorization fails with "Bummer, something went wrong"
- Is storing an OAuth token in cookies bad practice?
- How do I setup authentication via multiple IdPs that support OAuth 2.0?
- What is the Purpose of "postmessage" in a Redirect URI?
- Spring Boot 3.X, Spring security 6 and Oauth 2 - client authorization - auth code not processed
- What's the purpose of the client secret in OAuth2?
- Office 365 IMAP authentication via OAuth2 and python MSAL library
- SMTP and OAuth 2
- Verify the integrity of Google ID token in Ruby
- openliberty openidConnectClient authFilter not working
- What's the point of refresh token?
- What is the purpose of a "Refresh Token"?
- "no_valid_keys_or_signatures" Error Calling DocuSign API through Java SDK for OAuth 2.0 Authentication
- oauth2 proxy with Ingress nginx not passing X-Auth-Request headers during standard auth flow
- How to configure OAuth2AuthorizedClientManager with an HTTP proxy?
- Spotify API AttributeError: module 'spotipy.util' has no attribute 'oauth2'
- 3rd party cookies in Android 14/New Chrome using Angular/Firebase Auth/Hosting and NodeJs in Server
- Error: Invalid Request: Value passed for the authorization code was invalid