Comments (6)
Did you create a web api application, publish the same scopes, and update the app uri in the settings? (See step 4 in the Readme)
from active-directory-b2c-dotnetcore-webapp.
@Marren85 I get the same thing. result.AccessToken is null after the AcquireTokenByAuthorizationCodeAsync call. If I swap my appsettings back to the ones in the sample that call returns an access code. Did you find a solution or what was wrong with the B2C config?
@4deeptech can you confirm that you did the following:
- Register your web api and define scopes for it
- In your web app's registration, indicate that you want to consume those scopes.
- Change your web app's OpenID Connect middleware:
  i. Response type of "id_token code"
  ii. Scope of "openid {your-web-api-scopes}"
- Finally, you'll use MSAL in the OnAuthorizationCodeReceived event to redeem the code for an access token.
See this article for more details: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-access-tokens
@parakhj Here's the setup. Have two app registrations. This web app (this repo) is one of them, then I have a Web API as the second one. I created published scopes for the Web API and in the Web app I added (in the API Access area of the portal) both the Web App and the Web API apps as permitted scopes. So I did item 1 and item 2 that you mention. As for Item 3, since my web app is the code from this repo, lines 43-58 in OpenIdConnectOptionsSetup.cs are already doing that. As for item 4, again, this repo has that wired up. Basically, if I merely swap out the app settings I get different behavior so the difference has to be in the B2C configuration. The OnAuthorizationCodeReceived callback occurs and it calls AcquireTokenByAuthorizationCodeAsync but the response only contains a new token id value with all the same claim info as the original token id passed in except that it contains a nonce value instead of "defaultNonce" so the call appears to be doing something. It just IS NOT returning a value for AccessToken. Just FYI, if I use the id_token JWT and pass that as the Bearer token (since the Access Token is null) to the web api, the web api validates it and gives me access and returns the sample response. I don't understand why passing the 'code' to AcquireTokenByAuthorizationCodeAsync does not return an AccessToken but does return a new id_token with the nonce value set.
@parakhj @Marren85 I figured out the issue after fiddling for quite a while. The solution was actually very simple. The API Scope you request is NOT the published scope name, it's the published scope VALUE. If the name is demo.read and the value is 'READ' then you request [APP ID URI]/READ and NOT [APP ID URI]/demo.read
@4deeptech sorry about that. We are working to improve the documentation/UI.
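The resolution reached in this thread (request `[APP ID URI]/[scope value]`, not `[APP ID URI]/[scope name]`) written as a pre-flight check on the configured API scopes. This is an added example, not code from the sample repository or from MSAL. `ScopeCheck`, `BuildScopes`, `Diagnose`, the `contoso` App ID URI and the hand-copied published-scope table are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: ScopeCheck and its methods are hypothetical helpers,
// not part of MSAL or of the sample repository.
public static class ScopeCheck
{
    // Builds the API scope strings to request: "[APP ID URI]/[scope VALUE]".
    public static string[] BuildScopes(string appIdUri, IEnumerable<string> scopeValues) =>
        scopeValues.Select(v => appIdUri.TrimEnd('/') + "/" + v).ToArray();

    // published: scope name -> scope value, copied by hand from the Web API's
    // published scopes. requested: the API scopes only (not "openid").
    // Returns one finding per scope that cannot match a published value.
    public static List<string> Diagnose(string appIdUri,
        IDictionary<string, string> published, IEnumerable<string> requested)
    {
        var prefix = appIdUri.TrimEnd('/') + "/";
        var findings = new List<string>();
        foreach (var scope in requested)
        {
            if (!scope.StartsWith(prefix, StringComparison.Ordinal))
            {
                findings.Add($"'{scope}' does not start with the App ID URI '{prefix}'");
                continue;
            }
            var suffix = scope.Substring(prefix.Length);
            if (published.Values.Contains(suffix)) continue;   // matches a published VALUE
            if (published.TryGetValue(suffix, out var value))  // matches a published NAME
                findings.Add($"'{scope}' uses the scope name; request '{prefix}{value}'");
            else
                findings.Add($"'{scope}' matches no published scope");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample configuration (placeholder tenant and API names).
        const string appIdUri = "https://contoso.onmicrosoft.com/demoapi";
        var published = new Dictionary<string, string> { ["demo.read"] = "READ" };
        var wrong = new[] { appIdUri + "/demo.read" };
        var right = BuildScopes(appIdUri, new[] { "READ" });
        foreach (var f in Diagnose(appIdUri, published, wrong)) Console.WriteLine("WRONG: " + f);
        Console.WriteLine("Findings for corrected scopes: " + Diagnose(appIdUri, published, right).Count);
    }
}
```

Running a check like this at startup surfaces the name/value mix-up before the first sign-in, rather than as a null `AccessToken` after the authorization code has been redeemed.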