Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,640 questions
Configuring Azure AD B2C authentication as an Open ID provider in a .NET Core Web Application
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 24%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
Kevin Beye
0
Reputation points
How do I properly configure Azure AD B2C authentication as an Open ID provider in a .NET Core Web Application? I currently have a barebones project where I'm attempting to add Azure B2C as my authentication method. While the login form is displayed from the B2C environment, and I can sign up or sign in, I'm receiving an error message afterwards that states the default scopes ("openid profile") are not supported.
Azure Data Factory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
25,132 questions
{count} votes
-
Kevin Beye 0 Reputation points
2023-11-16T10:36:47.68+00:00 To follow up, the error I'm getting - to which I can share configuration screenshots or other helpful data - is: "AADB2C90012": The scope 'openid profile' provided in request is not supported.
-
Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator2023-11-16T16:55:20.2366667+00:00 To configure Azure AD B2C authentication as an OpenID provider in a .NET Core Web Application, you'll need to follow these key steps. Given the error message you're encountering ("AADB2C90012: The scope 'openid profile' provided in request is not supported"), it seems there might be a misconfiguration in the scopes or policies set up in Azure B2C. Here's how you can address this:
Step-by-Step Guide to Configure Azure AD B2C in .NET Core
1. Register an Application in Azure AD B2C
- In the Azure portal, create a new application in your B2C tenant.
- Note down the Application (client) ID and the Directory (tenant) ID.
2. Create User Flows (Policies)
- Define user flows for sign-up, sign-in, profile editing, and password reset.
- Ensure these policies are correctly configured and note their names.
3. Configure Scopes
- For Azure AD B2C, custom scopes need to be defined in the application registration.
- If using the default scopes (
openid,profile), make sure they are supported and enabled in your user flows.
4. Set Up Reply URLs
- Configure the redirect URIs (reply URLs) in the application registration. These should match the URLs in your .NET Core application where Azure B2C will return tokens.
5. Configure .NET Core Application
- In your .NET Core application, use the Microsoft Authentication Library (MSAL) or the ASP.NET Core authentication middleware.
- Configure the middleware with your B2C tenant's details:
services.AddAuthentication(options => {...}) .AddOpenIdConnect(options => { options.Authority = $"https://{your-tenant-name}.b2clogin.com/{your-tenant-id}/{policy-name}/v2.0/"; options.ClientId = "{Application-ID}"; options.ResponseType = OpenIdConnectResponseType.IdToken; options.SaveTokens = true; }); - Note: Replace
{your-tenant-name},{your-tenant-id},{policy-name}, and{Application-ID}with your specific values.
6. Debugging the Scope Issue
- If you're encountering the error regarding scopes, check your user flow policies in Azure B2C. Ensure that the scopes are defined and exposed correctly.
- Verify the request URL for signing in. It should include the correct scopes as query parameters.
- Double-check the application manifest in Azure AD B2C to ensure that no unsupported scopes are included.
7. Test Authentication Flow
- Run your .NET Core application and test the authentication flow.
- If there are errors, use the developer tools in your browser to examine the request and response details.
8. Additional Configuration
- Depending on your requirements, you may need to configure additional settings like token validation parameters, session management, etc.
9. Reference Documentation
- Refer to Microsoft's documentation for detailed guidance and best practices:
10. Seek Support If Needed
- If you continue to face issues, consider sharing specific configuration details (ensuring no sensitive information is disclosed) with Microsoft support or on relevant forums like Stack Overflow.
Remember to regularly check for any updates or changes in Azure AD B2C's documentation, as Microsoft continuously updates its services.
Sign in to comment
Sign in to answer