Azure AD B2C - Guest and Customer two different SignUP Policies ( multiple) issue

Manish Pandit 1 Reputation point
2022-10-14T02:08:51.63+00:00

Hi

In my APP i have got an requirement to have GUEST and CUSTOMER Signup with different inputs.
When GUEST will signup they will not have to enter "loyalty_number"
When Customer will signup they must enter "loyalty_number".

For this I have created 2 seperate policies

  1. B2C_1A_SIGNUP_SIGNIN_GUEST
  2. B2C_1A_SIGNUP_SIGNIN

In the appsettings.json we can mention only one single "SignUpSignInPolicyId" so I found that we can pass and overwrite the Policy name as follow.

var properties = new AuthenticationProperties
{ RedirectUri = redirect };
properties.Items[Constants.Policy] = "B2C_1A_SIGNUP_SIGNIN_GUEST";
return Challenge(properties, scheme);

Now everything is fine - When I click on GUEST or CUSTOMER - it opens the proper SignUP page, but when I try to SIGNIN or SIGNUP it is throse an exception.

Error.
An error occurred while processing your request.
Request ID: 00-7cc38632b8c2caa98aa1e1a3d1fa2312-8f8dfdb179e65bf3-00

Details
Message contains error: 'invalid_grant', error_description: 'AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : B2C_1A_signup_signin and Expected Value : B2C_1A_signup_signin_guest Correlation ID: c87e0e0b-5e40-4862-a3c8-b5800738e5fb Timestamp: 2022-10-14 02:06:54Z ', error_uri: 'error_uri is null'.

Also when I checked it logins (when signin) or create the user (when signup) - but no claims are returned.

Please resolve my issue.

Thanks
Manish Pandit

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,684 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 28,196 Reputation points Microsoft Employee
    2022-10-18T09:25:33.277+00:00

    Hi @Manish Pandit ,

    Thanks for reaching out.

    This error is due to tokens which are retrieved for particular policy are not matching with that policy.

    For different signup option, you need to pass Azure AD B2C policy Id for each action. The action passes a parameter named policy to authentication library which will allows you to provide the correct Azure AD B2C policy ID for the specific action.

    public IActionResult SignUp_Customer([FromRoute] string scheme)  
    {  
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;  
        var redirectUrl = Url.Content("~/");  
        var properties = new AuthenticationProperties { RedirectUri = redirectUrl };  
        properties.Items["policy"] = "B2C_1A_SIGNUP_SIGNIN";  
        return Challenge(properties, scheme);  
    }  
      
    public IActionResult SignUp_Guest([FromRoute] string scheme)  
    {  
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;  
        var redirectUrl = Url.Content("~/");  
        var properties = new AuthenticationProperties { RedirectUri = redirectUrl };  
        properties.Items["policy"] = "B2C_1A_SIGNUP_SIGNIN_GUEST";  
        return Challenge(properties, scheme);  
    }  
    

    You need to make sure you to select the correct Account object in respect to the authority and use that against the matching SignUp B2C policy.

    Hope this will help.

    Thanks,
    Shweta

    ------------------------------------

    Please remember to "Accept Answer" if answer helped you.