To integrate the token endpoint for B2C custom policy correctly, you need to ensure the technical profile is properly configured to match the parameters you have successfully tested in Postman.
Based on the parameters in your Postman request, your TechnicalProfile should include all necessary parameters and correctly handle the request body.
Example Technical Profile Configuration
Here's a refined version of your technical profile for the REST API claims provider:
<TechnicalProfile Id="GetTokenInformation">
  <DisplayName>Get Token Information</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://myazb2cidporg.b2clogin.com/myazb2cidporg.onmicrosoft.com/oauth2/v2.0/token</Item>
    <Item Key="AuthenticationType">None</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <Item Key="HttpBinding">POST</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="client_secret_post" StorageReferenceId="B2C_1A_myfederatedwebappsecret" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
    <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="accessToken" PartnerClaimType="access_token" />
    <OutputClaim ClaimTypeReferenceId="refreshToken" PartnerClaimType="refresh_token" />
    <OutputClaim ClaimTypeReferenceId="idToken" PartnerClaimType="id_token" />
    <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
    <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
Key Points
- Service URL: Ensure the ServiceUrl matches the endpoint you are trying to call.
- InputClaims:
  - code: This is typically the authorization code received after user authentication.
  - redirect_uri: This should match the redirect URI used in your request. You can set a default value if it's always the same.
- Metadata Items:
  - Ensure all necessary parameters are included in the metadata if they are not part of InputClaims.
- OutputClaims:
  - Add the claims you want to retrieve from the token endpoint's response.
Adding Static Parameters
If you need to send static parameters like client_id, grant_type, and scope, you can include them directly in the metadata:
<Metadata>
  <Item Key="ServiceUrl">https://myazb2cidporg.b2clogin.com/myazb2cidporg.onmicrosoft.com/oauth2/v2.0/token</Item>
  <Item Key="AuthenticationType">None</Item>
  <Item Key="SendClaimsIn">Body</Item>
  <Item Key="HttpBinding">POST</Item>
  <Item Key="grant_type">authorization_code</Item>
  <Item Key="client_id">your-client-id</Item>
  <Item Key="scope">openid profile</Item>
</Metadata>
Troubleshooting Steps
- Verify Endpoint:
  - Ensure the endpoint URL is correct and accessible from your Azure AD B2C tenant.
- Check App Insights:
  - Look for detailed error messages in Application Insights to understand any issues with the request.
- Double-Check Secrets:
  - Ensure the client_secret is correctly stored and referenced in your policy.
Example Input and Output Claims
If you need to pass additional claims in the request body, include them in the InputClaims section:
<InputClaims>
  <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
  <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
  <InputClaim ClaimTypeReferenceId="client_secret_post" DefaultValue="{your-client-secret}" />
</InputClaims>
Application Insights
- Enable Logging:
  - Ensure that detailed logging is enabled in your B2C custom policy settings to capture all error messages.
- Check Logs:
  - Look at the traces table in Application Insights for detailed error messages.
By ensuring all parameters match what you've tested in Postman and correctly configuring your technical profile, you should be able to integrate the token endpoint into your B2C custom policy. If you continue to encounter issues, providing detailed logs from Application Insights will help in further diagnosing the problem.
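As an added check (example code, not part of the answer above or of any Microsoft tooling): a small Python lint pass over a RestfulProvider TechnicalProfile like the ones shown, flagging a non-https ServiceUrl, a missing POST/Body binding, and any secret written into the policy as a literal Metadata value or InputClaim DefaultValue instead of being referenced through CryptographicKeys. The two sample profiles, the rule set and the B2C_1A_ prefix check are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

# Names whose values must never be written into the policy as literals.
SECRET_LIKE = {"client_secret", "client_secret_post", "password", "api_key"}


def _local(tag: str) -> str:
    # Strip the XML namespace that real TrustFrameworkPolicy files carry.
    return tag.rsplit("}", 1)[-1]


def lint_technical_profile(xml_text: str) -> list:
    """Return a list of findings for one <TechnicalProfile>; empty means clean."""
    root = ET.fromstring(xml_text)
    elems = {}
    for el in root.iter():
        elems.setdefault(_local(el.tag), []).append(el)
    meta = {i.get("Key", ""): (i.text or "").strip() for i in elems.get("Item", [])}
    findings = []

    if not meta.get("ServiceUrl", "").startswith("https://"):
        findings.append("ServiceUrl must be an https URL")
    if meta.get("HttpBinding", "").upper() != "POST":
        findings.append("token endpoint calls need HttpBinding=POST")
    if meta.get("SendClaimsIn") != "Body":
        findings.append("token endpoint expects parameters in the body (SendClaimsIn=Body)")

    # Secrets belong in CryptographicKeys (StorageReferenceId), never inline.
    for key, value in meta.items():
        if key.lower() in SECRET_LIKE and value:
            findings.append(f"Metadata item {key} holds a literal secret")
    for claim in elems.get("InputClaim", []):
        ref = claim.get("ClaimTypeReferenceId", "")
        if ref.lower() in SECRET_LIKE and claim.get("DefaultValue"):
            findings.append(f"InputClaim {ref} has a literal DefaultValue; reference a policy key instead")
    for key in elems.get("Key", []):
        if not key.get("StorageReferenceId", "").startswith("B2C_1A_"):
            findings.append(f"Key {key.get('Id')} does not reference a B2C_1A_ policy key")
    return findings


# Constructed samples (assumed, not from a real tenant): the first mirrors the
# answer's profile; the second inlines the client secret as a DefaultValue.
SAFE_PROFILE = """<TechnicalProfile Id="GetTokenInformation"><Metadata>
  <Item Key="ServiceUrl">https://example.b2clogin.com/oauth2/v2.0/token</Item>
  <Item Key="SendClaimsIn">Body</Item><Item Key="HttpBinding">POST</Item>
</Metadata><CryptographicKeys>
  <Key Id="client_secret_post" StorageReferenceId="B2C_1A_MySecret" />
</CryptographicKeys></TechnicalProfile>"""
LEAKY_PROFILE = SAFE_PROFILE.replace("</TechnicalProfile>",
    '<InputClaims><InputClaim ClaimTypeReferenceId="client_secret_post" '
    'DefaultValue="{your-client-secret}" /></InputClaims></TechnicalProfile>')
```

Running `lint_technical_profile(LEAKY_PROFILE)` returns one finding pointing at the inlined client_secret_post, while the profile that references the B2C_1A_ key returns none.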