0
votes

I want to have an application in Azure (a simple ASP.NET MVC application) that keeps its users in Azure; I want that done by Azure B2C.

I registered the application in Azure and put all the configuration into appsettings.json. What I notice is that the URL generated by the application does not match the one from Azure:

Here's from application:

'https://isthereanynewscodeblast.b2clogin.com/isthereanynewscodeblast.onmicrosoft.com/B2C_1_eclaims_login/v2.0/.well-known/openid-configuration'

Here's from B2C:

'https://isthereanynewscodeblast.b2clogin.com/isthereanynewscodeblast.onmicrosoft.com//v2.0/.well-known/openid-configuration'

Similar but not the same. What I have found is that the URL is being generated by AzureADB2COpenIdConnectOptionsConfiguration in this method:

internal static string BuildAuthority(AzureADB2COptions AzureADB2COptions)
{
    // Instance is the B2C host (https://<tenant>.b2clogin.com); any path base it carries is kept.
    var baseUri = new Uri(AzureADB2COptions.Instance);
    var pathBase = baseUri.PathAndQuery.TrimEnd('/');
    var domain = AzureADB2COptions.Domain;
    // DefaultPolicy is the sign-up/sign-in policy; an empty value leaves an empty path segment ("//v2.0").
    var policy = AzureADB2COptions.DefaultPolicy;

    return new Uri(baseUri, new PathString($"{pathBase}/{domain}/{policy}/v2.0")).ToString();
}

And here's my .json:

"AzureAdB2C": {
  "Instance": "https://isthereanynewscodeblast.b2clogin.com",
  "Domain": "isthereanynewscodeblast.onmicrosoft.com",
  "ClientId": "guid-of-client",
  "CallbackPath": "/signin-oidc",
  "SignUpSignInPolicyId": "B2C_1_eclaims_login",
  "ResetPasswordPolicyId": "B2C_1_eclaims_reset",
  "EditProfilePolicyId": "B2C_1_eclaims_edit"
},

Which does not match the one from AAD :( The code is from a NuGet package: Microsoft.AspNetCore.Authorization

It's not protected nor virtual, so I don't see any option to override it.

So my questions are:

  • is there a way to handle this somehow, so that the application can communicate with Azure?
  • is there another way to register the app, as easy as this:
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
  .AddAzureADB2C(options =>
    {
      Configuration.Bind("AzureAdB2C", options);
    });

//EDIT:

Here's manifest from application registration:

{
    "id": "438a430b-4e80-4c6c-8f45-dfca460b2e03",
    "acceptMappedClaims": null,
    "accessTokenAcceptedVersion": 2,
    "addIns": [],
    "allowPublicClient": null,
    "appId": "44234136-6eee-431f-98ea-668343d7a3fd",
    "appRoles": [],
    "oauth2AllowUrlPathMatching": false,
    "createdDateTime": "2020-08-18T22:32:28Z",
    "groupMembershipClaims": null,
    "identifierUris": [],
    "informationalUrls": {
        "termsOfService": null,
        "support": null,
        "privacy": null,
        "marketing": null
    },
    "keyCredentials": [],
    "knownClientApplications": [],
    "logoUrl": null,
    "logoutUrl": null,
    "name": "user-log-test",
    "oauth2AllowIdTokenImplicitFlow": false,
    "oauth2AllowImplicitFlow": false,
    "oauth2Permissions": [],
    "oauth2RequirePostResponse": false,
    "optionalClaims": null,
    "orgRestrictions": [],
    "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "preAuthorizedApplications": [],
    "publisherDomain": "isthereanynewscodeblast.onmicrosoft.com",
    "replyUrlsWithType": [
        {
            "url": "https://localhost:44395/signin-oidc",
            "type": "Web"
        }
    ],
    "requiredResourceAccess": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "37f7f235-527c-4136-accd-4a02d197296e",
                    "type": "Scope"
                },
                {
                    "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
                    "type": "Scope"
                }
            ]
        }
    ],
    "samlMetadataUrl": null,
    "signInUrl": null,
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null
}
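One way to take the authority out of the non-overridable BuildAuthority is to register the OpenID Connect handler yourself and set MetadataAddress explicitly. This is an added example, not code from the question or from Microsoft's package; B2CSettings, MetadataAddressFor and AddB2CSignIn are names assumed here, and it uses the id_token response type, which needs ID tokens enabled on the app registration.

```csharp
// Added example: register the OIDC handler directly instead of AddAzureADB2C,
// so the metadata URL is built here and validated before the handler fetches it.
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class B2CSettings   // bound from the "AzureAdB2C" section shown in the question
{
    public string Instance { get; set; }
    public string Domain { get; set; }
    public string ClientId { get; set; }
    public string CallbackPath { get; set; } = "/signin-oidc";
    public string SignUpSignInPolicyId { get; set; }

    // Same shape as BuildAuthority's result, but an empty/whitespace policy id is rejected:
    // that value is what turns BuildAuthority's output into the "<domain>//v2.0" form.
    public string MetadataAddressFor(string policy)
    {
        if (string.IsNullOrWhiteSpace(policy))
            throw new InvalidOperationException("B2C policy id is empty; refusing to build '<domain>//v2.0'.");
        // Trim() also removes a stray trailing space in the configured policy id.
        return $"{Instance.TrimEnd('/')}/{Domain}/{policy.Trim()}/v2.0/.well-known/openid-configuration";
    }
}

public static class B2CAuthSetup
{
    public static void AddB2CSignIn(IServiceCollection services, IConfiguration configuration)
    {
        var b2c = configuration.GetSection("AzureAdB2C").Get<B2CSettings>();

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.MetadataAddress = b2c.MetadataAddressFor(b2c.SignUpSignInPolicyId);
            options.ClientId = b2c.ClientId;
            options.CallbackPath = b2c.CallbackPath;
            // id_token sign-in requires "ID tokens" to be enabled on the app registration.
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.TokenValidationParameters.NameClaimType = "name";
        });
    }
}
```

Call B2CAuthSetup.AddB2CSignIn(services, Configuration) from Startup.ConfigureServices; with an empty policy id the app fails at startup instead of fetching a metadata document from the wrong URL.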

2 Answers

1
votes

Can you please try using this B2C sample app, which will give you an idea of how to use B2C endpoints. It comes with pre-configured endpoints (below), which you can replace with your tenant and policy later for testing.

{
  "AzureAdB2C": {
    "Instance": "https://fabrikamb2c.b2clogin.com",
    "ClientId": "90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6",
    "Domain": "fabrikamb2c.onmicrosoft.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "b2c_1_susi",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

1
votes

I saw your app manifest file and found that you have not enabled implicit flow. Please select the app, go to Authentication and select ID tokens and Access tokens.


I tried on the sample shared by @Razi and it is working fine end-to-end.