If anyone faces this issue in the future, this error is only happening when we run the user flow from Azure. Once I deployed the application, it was working fine with the custom domain. I changed the value of the key "Instance" in the AzureAD configuration (in appsettings.json) with the custom domain.
Microsoft Identity throwing invalid issuer error after Azure AD B2C custom domain setup
I've a .NET 6 application with Azure AD B2C authentication enabled. I'm using user flows for both sign-in and reset password. We have a requirement to use a custom domain instead of the default URL created by Azure AD B2C.
I've followed the below article to set up the custom domain for B2C and it is working fine. When I replace the default URL with the custom domain, I can see the login page.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow
But once I click on the login button, the app throws an error. When I checked the log of the app service, I could see the below error:
IDX40001: Issuer: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', does not match any of the valid issuers provided for this application.
Also, the reset password link still has the default URL generated by Azure B2C (not the custom domain)
Did anyone experience this issue? Did I miss any additional steps? Thanks.
2 answers
Shweta Mathur 27,216 Reputation points Microsoft Employee
2023-02-24T08:23:37.3466667+00:00
Hi @Arjun,
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
Configuration needs to be updated with your custom domain as shown below:
{
  "AzureADB2C": {
    "Instance": "https://--your-domain--.b2clogin.com",
    "Domain": "[Enter the domain of your B2C tenant, e.g. contoso.onmicrosoft.com]",
    "TenantId": "[Enter 'common', or 'organizations' or the Tenant Id (Obtained from the URLs), e.g. da41245a5-11b3-996c-00a8-4d99re19f292]"
  }
}
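Because the IDX40001 log line hides the issuer value, a quick way to see the mismatch is to read the `iss` claim from a token and compare its host with the configured "Instance". The following is an added diagnostic example, not code from the question or the answers; the class name, the custom domain `login.contoso.example`, the tenant GUID and the unsigned sample token are all constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class IssuerCheck
{
    // Base64url-encode a JSON string (used only to build the constructed sample token).
    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Read the "iss" claim from a compact JWT WITHOUT validating it (diagnostics only).
    public static string ReadIssuer(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);   // restore stripped padding
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        if (!doc.RootElement.TryGetProperty("iss", out var iss))
            throw new FormatException("Token has no iss claim.");
        return iss.GetString() ?? throw new FormatException("iss claim is null.");
    }

    // Host-only comparison: a simplification for diagnosis, not the library's issuer validation.
    public static bool HostMatches(string instance, string issuer) =>
        string.Equals(new Uri(instance).Host, new Uri(issuer).Host, StringComparison.OrdinalIgnoreCase);

    public static void Main()
    {
        // Constructed sample: token issued under a hypothetical custom domain.
        var header = B64Url("{\"alg\":\"none\"}");
        var payload = B64Url("{\"iss\":\"https://login.contoso.example/00000000-0000-0000-0000-000000000000/v2.0/\"}");
        var jwt = header + "." + payload + ".";

        var issuer = ReadIssuer(jwt);
        Console.WriteLine("Token issuer: " + issuer);

        // "Instance" before and after the appsettings.json change (both constructed).
        foreach (var instance in new[] { "https://contoso.b2clogin.com", "https://login.contoso.example" })
        {
            var verdict = HostMatches(instance, issuer) ? "host matches" : "host differs (consistent with IDX40001)";
            Console.WriteLine(instance + " -> " + verdict);
        }
    }
}
```

Use this only to inspect a token while troubleshooting; signature and issuer validation in the application must stay enabled.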