After long research I found this article/sample, where the Microsoft.Identity.UI framework is replaced with the Microsoft.AspNetCore.Authentication.AzureADB2C.UI.
However, with the https://myDomain.b2clogin.com URL I still get the same error; using the custom domain it works, and that's enough for me.
Microsoft.IdentityModel does not support a B2C issuer with `tfp` in the uri
I am trying to run the WebApp B2C sample:
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-5-B2C
When I try to login, I get the following error:
IDX40002: Microsoft.IdentityModel does not support a B2C issuer with 'tfp' in the URI. See https://aka.ms/ms-id-web/b2c-issuer for details.
If I edit the Instance to https://myHost.b2clogin.com I get:
AADSTS50011: The redirect URI 'https://myHost.b2clogin.com/1c2009bb-7e35-4a0e-9f22-xxxxxxxxx/oauth2/authresp' specified in the request does not match the redirect URIs configured for the application 'c24b0337-0bd9-45ee-8376-xxxxxxxxx'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
Obviously, adding this URL does not work either.
As you can read here, other people run the sample without problems; the difference might be a more complex custom policy and the fact that we are using a custom Publisher domain.
2 answers
-
Borsoi Emanuel 296 Reputation points
2022-11-08T10:57:00.663+00:00 -
Marilee Turscak-MSFT 36,411 Reputation points Microsoft Employee
2022-11-16T00:52:35.193+00:00 Hi @Borsoi Emanuel,
Thank you for sharing your solution of switching to the Microsoft.AspNetCore.Authentication.AzureADB2C.UI. This will surely help other customers who might be facing this issue. One note is that if you receive the reply URL when using the b2clogin but not when using the custom domain, it means that your redirect URL in the application must have been configured to map to your custom domain. So the same URL needs to be configured in your application references such as the app settings and web.config, and these references need to match the app registration redirect URL in the portal. The tenant ID and application ID also need to match.
Note also the reply url restrictions for user flows documented here.
-
If the information helped you, please Accept the answer. This will help us and other community members as well.