6
votes

I am trying to connect my Azure B2C to Facebook login. I read this: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-fb-app

But I still receive this error when Azure transfers me to Facebook:

Blocked URL: This redirection failed because the redirection URI is not allowed in the OAuth client settings of the application. Make sure OAuth client and web credentials are enabled and add all domains in your app as valid OAuth Redirect URLs.

I tried adding several URIs under Facebook -> Product -> Login -> Settings -> Valid OAuth Redirect URIs. I tried these:

https://b2ctenant.b2clogin.com/b2ctenant.onmicrosoft.com/oauth2/authresp

https://login.microsoftonline.com/b2ctenant.onmicrosoft.com/oauth2/authresp

https://sitename.azurewebsites.net/.auth/login/facebook/calklback

https://sitename.azurewebsite.net

I am out of ideas...

1
What host are you referencing to redirect from your end-user application to your Azure AD B2C tenant? Is it https://login.microsoftonline.com or https://{tenant}.b2clogin.com? - Chris Padgett
If I go to Azure B2C -> Sign-up or sign-in policies and select the only policy there, my "Select Domain" is set to {tenant}.b2clogin.com. Is that what you're asking? Weird thing: in the URL transferred to the Facebook login we got this: redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fte%2f{b2ctenant}.onmicrosoft.com%2foauth2%2fauthresp - Pierre-D Savard
Hi @Pierre-D Savard: If you're being redirected from Azure AD B2C to Facebook on the login.microsoftonline.com domain, then the redirection URL must be registered in Facebook at https://login.microsoftonline.com/te/{tenant}.onmicrosoft.com/oauth2/authresp (i.e. what is being sent from Azure AD B2C to Facebook). Note the /te path in there. - Chris Padgett
OMG! Thanks, the /te was the error.... - Pierre-D Savard
Hi @Chris Padgett. Can you copy your answer into a "real" answer so I can give you the credit? Thanks - Pierre-D Savard

1 Answer

8
votes

You can use the following domains with Azure AD B2C:

  1. your-tenant-name.b2clogin.com (recommended)
  2. login.microsoftonline.com

If you're using the your-tenant-name.b2clogin.com domain with Azure AD B2C, then the redirection URL that is registered for Azure AD B2C in Facebook must be set to:

https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

If you're using the login.microsoftonline.com domain with Azure AD B2C, then the redirection URL that is registered for Azure AD B2C in Facebook must be set to:

https://login.microsoftonline.com/te/your-tenant-name.onmicrosoft.com/oauth2/authresp

(Note the /te path in the redirection URL.)
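
The check described in this answer, written out as an added example that is not part of the original answer: it decodes the `redirect_uri` that Azure AD B2C sends to the identity provider and compares it with the registered list, flagging entries that share the host but differ in path (the missing `/te` case). The function names, the `idp.example` host and the `client_id` are hypothetical, and exact string comparison by the identity provider is an assumption.

```python
from __future__ import annotations
from urllib.parse import parse_qs, urlsplit

def expected_redirect_uri(tenant: str, b2clogin: bool) -> str:
    """Redirect URI to register in Facebook, per the two cases in the answer."""
    if b2clogin:
        return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp"
    return f"https://login.microsoftonline.com/te/{tenant}.onmicrosoft.com/oauth2/authresp"

def sent_redirect_uri(authorize_url: str) -> str:
    """Decode the redirect_uri that Azure AD B2C put in the request to the IdP."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def diagnose(authorize_url: str, registered: list[str]) -> tuple[bool, list[str]]:
    """Return (allowed, near_misses); near misses share the host but not the path."""
    sent = sent_redirect_uri(authorize_url)
    if sent in registered:  # assumption: the IdP compares the full string exactly
        return True, []
    s = urlsplit(sent)
    near = [r for r in registered
            if urlsplit(r).netloc.lower() == s.netloc.lower()
            and urlsplit(r).path != s.path]
    return False, near

# Constructed sample: host idp.example and client_id are placeholders; the
# redirect_uri value is the one quoted in the comments, with tenant "b2ctenant".
SAMPLE_REQUEST = ("https://idp.example/dialog/oauth?client_id=0000&redirect_uri="
                  "https%3a%2f%2flogin.microsoftonline.com%2fte%2f"
                  "b2ctenant.onmicrosoft.com%2foauth2%2fauthresp")
# The URIs the question lists as registered, copied as posted.
REGISTERED = [
    "https://b2ctenant.b2clogin.com/b2ctenant.onmicrosoft.com/oauth2/authresp",
    "https://login.microsoftonline.com/b2ctenant.onmicrosoft.com/oauth2/authresp",
    "https://sitename.azurewebsites.net/.auth/login/facebook/calklback",
    "https://sitename.azurewebsite.net",
]

if __name__ == "__main__":
    allowed, near = diagnose(SAMPLE_REQUEST, REGISTERED)
    print("allowed:", allowed)
    for uri in near:
        print("same host, different path:", uri)
    print("register:", sent_redirect_uri(SAMPLE_REQUEST))
```

To use it on a real failure, paste the full URL from the browser address bar at the moment of the "Blocked URL" error in place of `SAMPLE_REQUEST`.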