I have followed the Getting Started workflow here: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-get-started-custom
I followed it from scratch, twice, and have both times when trying to sign in with the sign-in & sign-up custom policy I am prompted with 'Your password is incorrect'. How can I properly authenticate?
Things that are working:
- When I do signup the user journey completes, and the user is added to the directory
- Using built in policies I can sign in and sign up
- Using built in policies I can sign in with a user who I used the custom policy to sign up for
Using Application Insights I can see the following errors. (some sanitation applied)
"ValidationRequest":{
"ContentType":"Unspecified",
"Created":"2017-10-06T17:19:34.3995426Z",
"Key":"ValidationRequest",
"Persistent":true,
"Value":"client_id=55555555-5555-5555-5555-555555555555&resource=cccccccc-cccc-cccc-cccc-cccccccccccc&username=MYUSERNAME&password=PASSWORDIENTEREDONSCREEN&grant_type=password&scope=openid&nca=1;1;login-NonInteractive;False"
},
"ValidationResponse":{
"ContentType":"Json",
"Created":"2017-10-06T17:19:34.3995426Z",
"Key":"ValidationResponse",
"Persistent":true,
"Value":"{\"error\":\"invalid_client\",\"error_description\":\"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\\r\\nTrace ID: 55555555-cccc-cccc-cccc-555555555555\\r\\nCorrelation ID: 77777777-7777-7777-7777-777777777777\\r\\nTimestamp: 2017-10-06 17:19:33Z\",\"error_codes\":[70002],\"timestamp\":\"2017-10-06 17:19:33Z\",\"trace_id\":\"55555555-cccc-cccc-cccc-555555555555\",\"correlation_id\":\"77777777-7777-7777-7777-777777777777\"};1;login-NonInteractive;False"
},
The important bit seems to be:
"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion"
Also later it says:
"Exception of type 'Web.TPEngine.Providers.BadArgumentRetryNeededException' was thrown."
Some things I've double checked:
- In my Identity Experience Framework > Policy Keys, I have the following 4 keys after following the steps in the guide:
- B2C_1A_AdminClientEncryptionKeyContainer
- B2C_1A_FacebookSecret
- B2C_1A_TokenEncryptionKeyContainer
- B2C_1A_TokenSigningKeyContainer
- In the regular AAD > App registrations, I have the applications:
- IdentityExperienceFramework
- ProxyIdentityExperienceFramework
- And ProxyIdentityExperienceFramework has delegated Access IdentityExperienceFramework permissions from IdentityExperienceFramework.
- And I've hit Grant permissions for both apps.
- Both application Ids were properly substituted in the TrustFrameworkExtensions.xml, two places each
Any help is much appreciated. Thank you.