This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 30%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
When passing an ID token or access token to the Azure B2C userinfo endpoint, a 401 error is thrown. I followed the steps in the userinfo article and created a custom policy using this sample. I registered a web application and created a Userinfo endpoint with the custom policy. When I pass the AccessToken from the web application to the userinfo endpoint, it fails with a 401 error. However, when I run the custom userinfo policy with the web application Id in the Azure Portal, I get the ID token, and this token works with the userinfo endpoint. If I generate a token with a different user flow with the web application Id and pass it to the userinfo endpoint, it throws a 401 error. Am I missing something here?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @RPD ,
Thanks for reaching out.
Based on the information you provided, it seems like the access token you are passing to the userinfo endpoint is not valid. The 401 error indicates that the access token is not authorized to access the userinfo endpoint.
Could you please verify the issuer you passed is in lowercase and correctly configured. If you are passing audience, validate its value as well.
Did you try to decode the access token using jwt.ms to check valid issuer and audience.
For further troubleshooting, you can configure ApplicationInsights to check traces for Azure B2C.
Thanks,
Shweta
Hi @Shweta Mathur Thank you for the response
The issuer is in all lowercase and token is decoded with the issuer and audience
I have given only one audience which is app (TestApp), If I run any default userflow using this app and pass the token to userinfo its not authenticating.
If i run the userinfo RP using the same app (TestApp) and generate token, this is getting validated.
I want to use recommended default flows for the user and just use custom policy for the userinfo endpoint. This should work ?
Userinfo token
{
"ver": "1.0",
"iss": "https://xxxxxx.b2clogin.com/ xxxxxx-xxxxxx -4c28-adb5- xxxxxx/v2.0/",
"sub": "xxxxxx",
"aud": "xxxxxxxxc58",
"exp": 1697557516,
"acr": "b2c_1a_demo_signup_signin_userinfo",
"nonce": "defaultNonce",
"iat": 1697553916,
"auth_time": 1697553916,
"name": "Test",
"given_name": "Test",
"family_name": "Test",
"tid": "584bc793-7e80-4c28-adb5-xxxxxx",
"nbf": 123221321
}
Default signin flow token
{
"ver": "1.0",
"iss": "https://xxxxx.b2clogin.com/xxxxx-xxxxx/v2.0/",
"sub": "xxxxxxxx",
"aud": " xxxxxxxxc58",
"exp": 1697557470,
"nonce": "defaultNonce",
"iat": 1697553870,
"auth_time": 1697553870,
"city": "Test",
"given_name": "Test",
"family_name": "Daniel",
"Test": [
"test@gmail.com"
],
"tfp": "B2C_1_SignIn",
"nbf": 1691231270
}