1

I am at a loss with just the README. It mentions nothing of this. I downloaded this project and followed the tutorial to customize authConfig.js, I even removed everything except my sign in policy in authConfig.js. It will not work.

https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/1-Authentication/2-sign-in-b2c

It will go to my b2c login page and after setting the redirect URI takes me back to localhost:3000, but it won't show as authenticated. I am just getting the error in console:

FetchClient.ts:58          POST https://<domain>.b2clogin.com/<domain>.onmicrosoft.com/b2c_1_sign_in/oauth2/v2.0/token 400 (Bad Request)

My authConfig.js b2cPolicies and config:

export const b2cPolicies = {
    names: {
        signUpSignIn: "B2C_1_Sign_in"
    },
    authorities: {
        signUpSignIn: {
            authority: "https://<domain>.b2clogin.com/<domain>.onmicrosoft.com/B2C_1_Sign_in",
        }
    },
    authorityDomain: "<domain>.b2clogin.com"
}

/**
 * Configuration object to be passed to MSAL instance on creation. 
 * For a full list of MSAL.js configuration parameters, visit:
 * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/configuration.md 
 */
export const msalConfig = {
    auth: {
        clientId: "<ID>", // This is the ONLY mandatory field that you need to supply.
        authority: b2cPolicies.authorities.signUpSignIn.authority, // Use a sign-up/sign-in user-flow as a default authority
        knownAuthorities: [b2cPolicies.authorityDomain], // Mark your B2C tenant's domain as trusted.
        redirectUri: "/", // Points to window.location.origin. You must register this URI on Azure Portal/App Registration.
        postLogoutRedirectUri: "/", // Indicates the page to navigate after logout.
        navigateToLoginRequestUrl: false, // If "true", will navigate back to the original request location before processing the auth code response.
    },
    cache: {
        cacheLocation: "sessionStorage", // Configures cache location. "sessionStorage" is more secure, but "localStorage" gives you SSO between tabs.
        storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
    },
    system: {   
        loggerOptions: {    
            loggerCallback: (level, message, containsPii) => {  
                if (containsPii) {      
                    return;     
                }       
                switch (level) {        
                    case LogLevel.Error:        
                        console.error(message);     
                        return;     
                    case LogLevel.Info:     
                        console.info(message);      
                        return;     
                    case LogLevel.Verbose:      
                        console.debug(message);     
                        return;     
                    case LogLevel.Warning:      
                        console.warn(message);      
                        return;     
                }   
            }   
        }   
    }
};

It works with the default still on the page. What would be wrong?

Solution It was an issue in my manifest for app registration.. Azure AD B2C: Clients must send a client_secret when redeeming a confidential grant

JoeD
  • 85
  • 1
  • 9
  • 1
    Can you check the Network tab in your browser developer tools, what is the response from Azure AD B2C? There is usually additional error information in the response body. – juunas Jun 30 '22 at 16:51
  • Ah, thank you. Still kind of new and didn't think to use that. I used that to figure out it was missing the secret id. Found the solution here: https://stackoverflow.com/questions/59163544/azure-ad-b2c-clients-must-send-a-client-secret-when-redeeming-a-confidential-gr – JoeD Jun 30 '22 at 16:59

1 Answers1

2

Your redirect URI must be of type "spa" for MSAL.js, so please verify your app registration. You should not provide a client secret for MSAL.js, as this will be viewable in the browser by anyone.

jasonnutter
  • 649
  • 4
  • 7