I want to add the ability to sign in or sign up to my APIM developer portal via any Microsoft account type (personal or corporate, work …).
I have uploaded the SocialAndLocalAccounts custom policy from the starter pack (removed the Facebook provider and added AADCommon-OpenIdConnect) – I have attached these files below.
I get errors while I’m trying to sign up via a local or Microsoft account.
Let’s try to look at the Microsoft account (multitenant) case.
Click the “Multi-Tenant ADD” button.
When you have filled in the email and password, you are redirected to webPortal.com/signup-oauth#provider=AadB2C&token=eyJhbGciOiJSUzI1NiIsImtpZ…
It looks like all is good, except that we have lost the session, and when we press the “sign up” button we get an exception:
(screenshot: the JWT token)
I have similar behavior when I try to sign up via a local account, but on the first step a record for the user is created in the B2C tenant, and then we can sign in with login and password:
When I filled in the email and password and confirmed the email address, I got this error, a 401 error code for the “/identity” endpoint, and a 403 for the “/users” endpoint.
- The requests to Users and Identity have a header: Authorization: AadB2C id_token=”eyJhbGciOiJSUzI1NiIsImtpZC…..”
When I try to click “Microsoft Account” again, the server redirects me to this page:
The JWT from the local account is this one:
So, the Azure Active Directory B2C tenant has:
- App registrations – apimb2cdemo, with a secret code that I have set in APIM Identity (Accounts in any identity provider or organizational directory (for authenticating users with user flows)) – SocialAndLocalAccounts custom policy from the starter pack (attached)
- App registrations – ProxyIdentityExperienceFramework – app (Accounts in this organizational directory only (Tenant only – Single tenant))
- App registrations – IdentityExperienceFramework – app (Accounts in this organizational directory only (Tenant only – Single tenant))
- App registrations – webapp1 – app (just for testing – jwt.ms) (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
The APIM Developer portal tenant has:
- App registrations – Azure AD B2C App, with a secret code that I have set in my ClaimsProvider in TrustFrameworkExtensions
- Redirect URL: https://your-b2c-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp
- (Accounts in any organizational directory (Any Microsoft Entra ID tenant – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)) – here I chose a different option compared to the article
- A new Identity provider in the APIM Developer portal menu
- Azure Active Directory B2C – has a reference to the apimb2cdemo app with ID and secret key, the custom policy name, and Client library – MSAL.
For this task, I am using these tutorials:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy (tutorials 1 to 3)
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad-b2c
https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy
I have no idea what happened or why I have faced these issues; could you please assist me with this?
I’m looking forward to any ideas and solutions.
Thank you in advance!
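As an added diagnostic example (not part of the original post or of Azure's own tooling), the Python helper below decodes the claims of an id_token without verifying its signature and compares aud, iss and the policy claim against the values the APIM developer portal identity provider is configured with, which is the first thing to check when the portal answers 401/403 for /identity and /users. The client ID, tenant name and policy name are placeholder assumptions, the sample token is constructed in the script, and the issuer prefix https://<tenant>.b2clogin.com/ and the tfp/acr policy claim are assumptions about the B2C token format.

```python
import base64
import json
import time

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt_claims(token: str) -> dict:
    # Returns the payload of a compact JWS. The signature is NOT checked:
    # this is for inspecting what B2C issued, not for authorizing anything.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with 3 dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))

def check_b2c_id_token(token: str, client_id: str, tenant: str, policy: str, now=None) -> list:
    # Lists mismatches between the token and the portal's identity provider
    # settings. Assumption: B2C custom policies put the policy name in the
    # 'tfp' claim (or 'acr' if configured that way) and the issuer starts
    # with https://<tenant>.b2clogin.com/ in the default issuer format.
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != client_id:
        problems.append(f"aud {claims.get('aud')!r} is not the portal app client id")
    if not str(claims.get("iss", "")).startswith(f"https://{tenant}.b2clogin.com/"):
        problems.append(f"iss {claims.get('iss')!r} is not the B2C tenant {tenant!r}")
    if claims.get("tfp", claims.get("acr")) != policy:
        problems.append(f"policy claim {claims.get('tfp', claims.get('acr'))!r} != {policy!r}")
    if float(claims.get("exp", 0)) <= now:
        problems.append("token is expired (exp in the past)")
    return problems

def make_unsigned_token(claims: dict) -> str:
    # Builds a constructed, unsigned token ('alg': 'none') purely as sample
    # input for the checker above; a real B2C token is RS256-signed.
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."

# Constructed placeholder values; replace with the real client id, tenant and policy.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
TENANT = "your-b2c-tenant-name"
POLICY = "B2C_1A_signup_signin"
SAMPLE = make_unsigned_token({"aud": CLIENT_ID, "tfp": POLICY, "exp": 4102444800,
                              "iss": f"https://{TENANT}.b2clogin.com/<tenant-id>/v2.0/"})
```

Paste the id_token value from the Authorization header into check_b2c_id_token in place of SAMPLE; an empty list means the token's claims match the portal configuration, otherwise each entry names the claim to fix.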