0
votes

I have been trying to use Azure AD B2C with my Xamarin.Forms iPhone application. I've got it to sort of work following along based on this sample: active directory b2c xamarin native

The sample, though takes me to a login page that seems to only accept Microsoft Logins like this one:


This page seems to only let people log in with existing Microsoft accounts. I have set up my app to accept local email accounts, and I want the sign in page to look more like the link provided on the Azure AD B2C page.

This second version is the part of the login page that is displayed when using the "run now endpoint" on the AD B2C sign-in/sign-up policy, which looks as follows: https://login.microsoftonline.com/crowdwisdom.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_susi&client_id=0729f822-6c97-4b94-b75c-df4259b0f3c5&nonce=defaultNonce&redirect_uri=https%3A%2F%2Flogin.crowdwisdom.co&scope=openid&response_type=id_token&prompt=login

I don't understand which parameter of the AcquireTokenAsync method determines which page is delivered to the app.

Here is the code I run that results in the top example:

public async void HandleSignIn()
{
    try
    {
        AuthenticationResult ar = await App.PCA.AcquireTokenAsync(Constants.Scopes, GetUserByPolicy(App.PCA.Users, Constants.PolicySignUpSignIn), Constants.UiParent);
    }
    catch (Exception ex)
    {
        // Checking the exception message
        // should ONLY be done for B2C
        // reset and not any other error.
        if (ex.Message.Contains("AADB2C90118"))
            HandlePasswordReset();
        // Alert if any exception excluding user cancelling sign-in dialog
        else if ((ex as MsalException)?.ErrorCode != "authentication_canceled")
            throw; // rethrow as-is so the original stack trace is preserved
    }
}

private IUser GetUserByPolicy(IEnumerable<IUser> users, string policy)
{
    foreach (var user in users)
    {
        // The MSAL user identifier is "<base64url(object id + policy)>.<base64url(tenant)>";
        // decoding the first segment lets us match the policy the account was signed in with.
        string userIdentifier = Base64UrlDecode(user.Identifier.Split('.')[0]);
        if (userIdentifier.EndsWith(policy.ToLower())) return user;
    }

    return null;
}

// Base64url decoder used above (taken from the Azure B2C Xamarin sample; not shown in the original post).
private string Base64UrlDecode(string s)
{
    s = s.Replace('-', '+').Replace('_', '/');
    s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
    var byteArray = Convert.FromBase64String(s);
    return Encoding.UTF8.GetString(byteArray, 0, byteArray.Length);
}

Constants definition:

public static class Constants
{
    public static string Tenant = "foo.onmicrosoft.com";
    public static string ClientID = "0729...-..."; // actual client id here.
    public static string PolicySignUpSignIn = "B2C_1_susi";
    public static string PolicyEditProfile = "B2C_1_edit_profile";
    public static string PolicyResetPassword = "B2C_1_reset";

    public static string[] Scopes = { "User.read" };
    public static string ApiEndpoint = "https://foo.azurewebsites.net";

    public static string AuthorityBase = $"https://login.microsoftonline.com/{Tenant}/oauth2/v2.0/authorize?p=";

    private static string suffix = $"&client_id={ClientID}&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fmyapi&scope=openid&response_type=id_token&prompt=login";

    public static string Authority = $"{AuthorityBase}{PolicySignUpSignIn}{suffix}";
    public static string AuthorityEditProfile = $"{AuthorityBase}{PolicyEditProfile}";
    public static string AuthorityPasswordReset = $"{AuthorityBase}{PolicyResetPassword}";

    public static UIParent UiParent = null;
}
1
Can you please post your code that results in the first screenshot? It is hard for us to help out without seeing any code. – dstrockis

Code posted above. – GGizmos

1 Answer

0
votes

Thanks for posting the code. When you use MSAL with AAD B2C, it's important that you indicate which policy you wish to use. That's how MSAL knows to invoke B2C functionality. What's happening right now is that you're not properly indicating which policy to use, and MSAL is defaulting back to the regular Microsoft login page, which only allows Microsoft personal & work/school accounts.

When using MSAL, the proper way to indicate policy is to use tfp in the path of the authority, like:

string BaseAuthority = "https://login.microsoftonline.com/tfp/mytenant.onmicrosoft.com/mypolicy";

See https://github.com/Azure-Samples/active-directory-b2c-xamarin-native/blob/master/UserDetailsClient/UserDetailsClient/App.cs#L25 for the most up-to-date example.

Yes, you can also use the p query string parameter to indicate policy, but the way you are passing it to MSAL causes MSAL to ignore its existence and not include it in OAuth requests.

Last comment: you shouldn't have to deal with all those OAuth parameters in your suffix variable. MSAL will take care of that stuff for you.
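To make the answer concrete, here is an added example (written for this page; it is neither the asker's code nor the Azure sample verbatim) showing the constants class rewritten so the policy travels in the authority path via the tfp segment, a small guard that rejects an authority carrying hand-built OAuth query parameters, and the sign-in flow with the AADB2C90118 password-reset branch routed to the reset policy's authority. It assumes the MSAL for .NET 1.x preview API the question uses (IUser, UIParent, the AcquireTokenAsync overloads shown), the msal{clientId}://auth redirect scheme the Xamarin sample registers, and placeholder tenant, client id and API scope values.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class B2CConstants
{
    public static string Tenant = "foo.onmicrosoft.com";                       // placeholder
    public static string ClientID = "00000000-0000-0000-0000-000000000000";    // placeholder

    public static string PolicySignUpSignIn = "B2C_1_susi";
    public static string PolicyResetPassword = "B2C_1_reset";

    // Scopes exposed by your own B2C-protected API (placeholder). Graph's "User.read"
    // is not a B2C scope and will not be honoured by a B2C policy.
    public static string[] Scopes = { "https://foo.onmicrosoft.com/api/demo.read" };

    // The policy goes into the authority PATH through the tfp segment. No query string:
    // MSAL adds client_id, nonce, redirect_uri, scope and response_type itself.
    public static string AuthorityBase = $"https://login.microsoftonline.com/tfp/{Tenant}/";
    public static string Authority = AuthorityBase + PolicySignUpSignIn;
    public static string AuthorityPasswordReset = AuthorityBase + PolicyResetPassword;

    public static UIParent UiParent = null;
}

public static class AuthorityCheck
{
    // True only for https://login.microsoftonline.com/tfp/{tenant}/{policy} with no
    // query or fragment. An authority built like the question's (…/authorize?p=…&client_id=…)
    // fails this check, which is exactly the shape MSAL silently ignores.
    public static bool IsB2CTfpAuthority(string authority)
    {
        if (!Uri.TryCreate(authority, UriKind.Absolute, out var uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;
        if (!string.IsNullOrEmpty(uri.Query) || !string.IsNullOrEmpty(uri.Fragment)) return false;

        var segments = uri.AbsolutePath.Trim('/').Split('/');
        return segments.Length == 3
            && segments[0].Equals("tfp", StringComparison.OrdinalIgnoreCase)
            && segments[1].Length > 0
            && segments[2].Length > 0;
    }
}

public class B2CSignIn
{
    private readonly PublicClientApplication _pca;

    public B2CSignIn()
    {
        // Fail fast at startup rather than discovering the wrong login page at runtime.
        if (!AuthorityCheck.IsB2CTfpAuthority(B2CConstants.Authority))
            throw new InvalidOperationException(
                "B2C authority must be https://login.microsoftonline.com/tfp/{tenant}/{policy}");

        _pca = new PublicClientApplication(B2CConstants.ClientID, B2CConstants.Authority);

        // Redirect scheme registered by the Xamarin B2C sample (assumption: your iOS
        // Info.plist / Android manifest declare the same msal{clientId} scheme).
        _pca.RedirectUri = $"msal{B2CConstants.ClientID}://auth";
    }

    // Returns the token result, or null if the user dismissed the sign-in dialog.
    public async Task<AuthenticationResult> SignInAsync()
    {
        try
        {
            // Same three-argument overload as the question; passing null lets MSAL
            // prompt interactively under the sign-up/sign-in policy in the authority.
            return await _pca.AcquireTokenAsync(B2CConstants.Scopes, (IUser)null, B2CConstants.UiParent);
        }
        catch (MsalException ex) when (ex.Message.Contains("AADB2C90118"))
        {
            // AADB2C90118: the user clicked "Forgot your password?" in the susi policy.
            // Re-run the interactive flow against the reset policy's authority using the
            // seven-argument MSAL 1.x overload (assumption about the installed preview version).
            return await _pca.AcquireTokenAsync(
                B2CConstants.Scopes, (IUser)null, UIBehavior.SelectAccount,
                string.Empty, null, B2CConstants.AuthorityPasswordReset, B2CConstants.UiParent);
        }
        catch (MsalException ex) when (ex.ErrorCode == "authentication_canceled")
        {
            return null; // user closed the dialog; not a failure worth surfacing
        }
    }
}
```

The two authority strings side by side make the point of the answer visible: the question's "https://login.microsoftonline.com/foo.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_susi&client_id=…" fails IsB2CTfpAuthority because it has a query string and no tfp segment, while "https://login.microsoftonline.com/tfp/foo.onmicrosoft.com/B2C_1_susi" passes, and MSAL then composes the authorize request (client_id, nonce, redirect_uri, scope, response_type) itself, so no hand-built suffix is needed.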