URI for Identity Provider in a B2C app

AKJ 20 Reputation points
2023-06-09T11:07:07.0433333+00:00

Hello, I have a B2C app where I am trying to map claims to roles as documented here: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-7.0

This was suggested to me in response to a different question I asked (I want to be able to retrieve roles for a user in my app).

I am using Azure AD as the identity provider. What should options.Authority be set to in the following? Thanks! Sorry, this is a newbie question.

.AddOpenIdConnect(options =>
   {
       options.SignInScheme = "Cookies";
       options.Authority = "-your-identity-provider-";
       options.RequireHttpsMetadata = true;
       options.ClientId = "-your-clientid-";
       options.ClientSecret = "-your-client-secret-from-user-secrets-or-keyvault";
       options.ResponseType = "code";
       options.UsePkce = true;
       options.Scope.Add("profile");
       options.SaveTokens = true;
   });

Accepted answer
  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-06-09T19:11:28.54+00:00

    Hi @AKJ, the authority URL typically has the following format:

    https://login.microsoftonline.com/{tenant-id}/v2.0

    Replace {tenant-id} with your Azure AD tenant ID.

    It should look something like this:

    .AddOpenIdConnect(options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "https://login.microsoftonline.com/{tenant-id}/v2.0";
        options.RequireHttpsMetadata = true;
        options.ClientId = "-your-clientid-";
        options.ClientSecret = "-your-client-secret-from-user-secrets-or-keyvault";
        options.ResponseType = "code";
        options.UsePkce = true;
        options.Scope.Add("profile");
        options.SaveTokens = true;
    });
    

    Please let me know if you have any questions and I can help you further.

    If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
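
The handler uses the Authority from the answer above to locate the provider's OpenID Connect discovery document, so a quick way to confirm the value is to compare that document with it. The C# console program below is an added example, not code from the question, the answer or Microsoft's documentation. The tenant ID and the JSON sample are constructed placeholders, and it assumes .NET 7 (C# 11 raw string literals).

```csharp
using System;
using System.Linq;
using System.Text.Json;

// Constructed placeholder; substitute your own Azure AD tenant ID.
const string tenantId = "00000000-0000-0000-0000-000000000000";
string authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";

// When MetadataAddress is not set, the handler derives this URL from Authority.
string metadataUrl = authority.TrimEnd('/') + "/.well-known/openid-configuration";

// Constructed sample of the document served at metadataUrl, trimmed to the
// fields checked below. Against a real tenant, download it instead.
string discoveryJson = $$"""
{
  "issuer": "https://login.microsoftonline.com/{{tenantId}}/v2.0",
  "authorization_endpoint": "https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/authorize",
  "token_endpoint": "https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/token",
  "jwks_uri": "https://login.microsoftonline.com/{{tenantId}}/discovery/v2.0/keys",
  "response_types_supported": ["code", "id_token", "code id_token", "id_token token"]
}
""";

using JsonDocument doc = JsonDocument.Parse(discoveryJson);
JsonElement root = doc.RootElement;

// RequireHttpsMetadata = true rejects a metadata address that is not HTTPS.
bool httpsOk = new Uri(metadataUrl).Scheme == Uri.UriSchemeHttps;

// The iss claim of returned tokens is validated against this issuer, so for a
// tenant-specific Authority the two strings should be identical.
string issuer = root.GetProperty("issuer").GetString() ?? "";
bool issuerOk = string.Equals(issuer, authority, StringComparison.Ordinal);

// This example's own sanity rule: endpoints are HTTPS on the Authority's host.
string host = new Uri(authority).Host;
bool endpointsOk = new[] { "authorization_endpoint", "token_endpoint", "jwks_uri" }
    .Select(name => new Uri(root.GetProperty(name).GetString()!))
    .All(u => u.Scheme == Uri.UriSchemeHttps && u.Host == host);

// ResponseType = "code" in the snippet needs the provider to offer the code flow.
bool codeFlowOk = root.GetProperty("response_types_supported")
    .EnumerateArray().Any(e => e.GetString() == "code");

Console.WriteLine($"metadata URL: {metadataUrl}");
Console.WriteLine($"https: {httpsOk}, issuer: {issuerOk}, endpoints: {endpointsOk}, code flow: {codeFlowOk}");
Environment.ExitCode = httpsOk && issuerOk && endpointsOk && codeFlowOk ? 0 : 1;
```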
