2

I am using Azure B2C to authenticate a native Xamarin Forms app. It all works perfectly using the correct b2clogin.com domain to return an access token.

When I try to return a token using Postman, it does not work if I use b2clogin - only login.microsoftonline.com.

After puzzling over this for a while, I looked in Fiddler and noticed the URL is changed when it is submitted.

This only happens when I switch the domain from one to the other.

This led me to the Issuer URL, which is set up when you enable B2C authentication for App Service in AAD, and that it's configured for b2clogin, not for live.microsoftonline.com.

The other problem is that the microsoftonline domain returns a token, but not one that will authenticate with my protected application.

I am using Postman to return a token that works with my app. It does not, as described above.

When I look in Fiddler, the URL I pass in as the Authority, which looks like this in Postman:

https://mydomainb2c.b2clogin.com/{tenant domain name}/oauth2/v2.0/authorize?p=B2C_1_SiUpIn

has been converted to this:

https://mydomainb2c.b2clogin.com/B2C_1_SiUpIn/{tenant domain name}/oauth2/v2.0/authorize?

As you can see, it has taken the policy and put it elsewhere in the URL.

This ONLY happens with b2clogin - not microsoftonline.

As noted above, the URL being posted is simply wrong, and so the effect in Postman is a constantly reloading page that never reaches login.

Journeyman1234
  • Hi @Journeyman1234. Is the policy name inserted before or after the tenant name? – Chris Padgett Aug 08 '19 at 07:27
  • In the auth URL field, which I configure, it is after the tenant name. But when I inspect it in fiddler, it is the other way around. Before: https://mydomainb2c.b2clogin.com/mydomainb2c.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_UserInfoSignUpSignInPolicy After: https://mydomainb2c.b2clogin.com/mydomainb2c.onmicrosoft.com/b2c_1_userinfosignupsigninpolicy/oauth2/v2.0/authorize?response_type=id_token – Journeyman1234 Aug 08 '19 at 07:51
  • @ChrisPadgett - just noticed this has nothing to do with postman. If I go to the xxxx.azurewebsites.net domain my app service is on, the site attempts to redirect me to the same broken link and so never finishes loading - what on earth is causing that? – Journeyman1234 Aug 08 '19 at 09:36
  • @ChrisPadgett - further investigation suggests the issue is related to the Issuer Url field when you configure the app service AAD authentication. I have done what is described in this link, in order to get the Xamarin app working, but it appears to be why the web access is broken? https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-add-identity-providers – Journeyman1234 Aug 08 '19 at 12:20

1 Answer

0

I figured it out using Fiddler to dig into the error messages more.

The issue is that when using login.microsoftonline.com you will get a token that doesn't work for the b2clogin directory.

When you switch to the B2C login directory, you have to make sure you carefully check the callback URL.

That was the problem in my case - I had to put the reply URL from my registered native app in place of the usual Postman or Microsoft OAuth URL that usually goes there.

Journeyman1234
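As an added example (not code from the question or the answer), a small Python check that parses both authorize-URL shapes seen in Fiddler and flags the two misconfigurations the thread turned on: a non-b2clogin authority and a redirect_uri that is not an exactly registered reply URL. The tenant name, reply URL and policy names are constructed placeholders.

```python
from urllib.parse import urlparse, parse_qs

# Constructed placeholders for this example; not real tenant data from the post.
TENANT = "mydomainb2c"
REGISTERED_REPLY_URLS = {"msauth://com.example.app/callback"}


def parse_b2c_authorize_url(url):
    """Pull tenant, policy and request parameters out of a B2C authorize URL.

    Handles both shapes seen in Fiddler: the policy as a ``p=`` query
    parameter and the policy as a path segment before /oauth2/v2.0/authorize.
    Policy names are case-insensitive, so they are normalised to lower case.
    """
    u = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    segs = [s for s in u.path.split("/") if s]
    policy = q.get("p")
    # Path form: /{tenant}/{policy}/oauth2/v2.0/authorize
    if policy is None and "oauth2" in segs and segs.index("oauth2") == 2:
        policy = segs[1]
    return {
        "host": u.hostname or "",
        "tenant_path": segs[0] if segs else "",
        "policy": policy.lower() if policy else None,
        "redirect_uri": q.get("redirect_uri"),
        "response_type": q.get("response_type"),
    }


def check_b2c_request(url, tenant=TENANT, reply_urls=REGISTERED_REPLY_URLS):
    """Return the configuration problems found in an authorize URL (empty = OK)."""
    r = parse_b2c_authorize_url(url)
    problems = []
    if r["host"] != f"{tenant}.b2clogin.com":
        # A token minted by another authority carries a different issuer and
        # will not validate against an API configured for the b2clogin issuer.
        problems.append("authority host is not the tenant's b2clogin.com domain")
    if r["policy"] is None:
        problems.append("no policy (user flow) given in the query or the path")
    if r["redirect_uri"] not in reply_urls:
        # Reply URLs are matched exactly; a Postman or generic OAuth callback
        # that is not registered on the app is rejected by the authority.
        problems.append("redirect_uri is not an exact match for a registered reply URL")
    return problems
```

Run the check against the authorize URL captured in Fiddler before trying the token against the protected API; an empty list means the authority, policy and reply URL line up with the app registration.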