Microsoft Identity throwing invalid issuer error after Azure AD B2C custom domain setup

Arjun 0 Reputation points
2023-02-20T14:58:26.0766667+00:00

I've a .NET 6 application with Azure AD B2C authentication enabled. I'm using user flows for both sign-in and reset password. We have a requirement to use a custom domain instead of the default URL created by Azure AD B2C.

I've followed the below article to set up the custom domain for B2C and it is working fine. When I replace the default URL with the custom domain, I can see the login page.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow

But once I click on the login button, the app throws an error. When I checked the log of the app service, I could see the below error:

IDX40001: Issuer: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', does not match any of the valid issuers provided for this application.

Also, the reset password link still has the default URL generated by Azure B2C (not the custom domain).

Did anyone experience this issue? Did I miss any additional steps? Thanks.


2 answers

  1. Arjun 0 Reputation points
    2023-02-21T12:58:27.2533333+00:00

    If anyone faces this issue in the future, this error is only happening when we run the user flow from Azure. Once I deployed the application, it was working fine with the custom domain. I changed the value of the key "Instance" in the AzureAD configuration (in appsettings.json) with the custom domain.

  2. Shweta Mathur 27,216 Reputation points Microsoft Employee
    2023-02-24T08:23:37.3466667+00:00

    Hi @Arjun ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Configuration needs to be updated with your custom domain as shown below:

    {
      "AzureADB2C": {
        "Instance": "https://--your-domain--.b2clogin.com",
        "Domain": "[Enter the domain of your B2C tenant, e.g. contoso.onmicrosoft.com]",
        "TenantId": "[Enter 'common', or 'organizations' or the Tenant Id (Obtained from the URLs), e.g. da41245a5-11b3-996c-00a8-4d99re19f292]"
      }
    }
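
Because the IDX40001 log line hides the issuer as PII, one way to see the mismatch is to decode the `iss` claim of a token from the failing sign-in and compare its host with the configured "Instance". This is an added diagnostic example, not part of the original answers and not the validation logic of Microsoft's libraries; it assumes the token's `iss` host follows the domain used for sign-in, and the domain names, policy name and GUID are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def check_issuer_host(token: str, appsettings: dict, section: str = "AzureADB2C") -> dict:
    """Compare the host of the token's iss claim with the host of the configured Instance."""
    instance = appsettings[section]["Instance"]
    iss = jwt_claims(token).get("iss", "")
    iss_host = (urlsplit(iss).hostname or "").lower()
    instance_host = (urlsplit(instance).hostname or "").lower()
    return {
        "iss": iss,
        "iss_host": iss_host,
        "instance_host": instance_host,
        "match": bool(iss_host) and iss_host == instance_host,
    }


def _constructed_token(iss: str) -> str:
    """Build a sample token with a placeholder signature; real tokens come from the sign-in response."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{b64({"alg": "RS256", "typ": "JWT"})}.{b64({"iss": iss, "tfp": "B2C_1_signin"})}.constructed-signature'


# Constructed values: login.contoso.example stands in for the custom domain,
# contoso.b2clogin.com for the default one; the GUID is a placeholder tenant id.
TOKEN = _constructed_token("https://login.contoso.example/00000000-0000-0000-0000-000000000000/v2.0/")
OLD_CONFIG = {"AzureADB2C": {"Instance": "https://contoso.b2clogin.com"}}
NEW_CONFIG = {"AzureADB2C": {"Instance": "https://login.contoso.example"}}

if __name__ == "__main__":
    for name, cfg in (("default-domain config", OLD_CONFIG), ("custom-domain config", NEW_CONFIG)):
        r = check_issuer_host(TOKEN, cfg)
        print(f"{name}: iss host={r['iss_host']} instance host={r['instance_host']} match={r['match']}")
```

The decode step skips signature verification on purpose, so use it only to inspect a token while troubleshooting, never to make an authentication decision.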