VaibhavMore-6727 asked DeepnarayanLohra-2492 commented

Redirect to custom error page if B2C invitation link expired

When a user is invited to join the B2C tenant with an invitation link, if the user tries to access that link it says that the link is expired, as the expiry time is 24 hours.

Upon expiry, the user sees a Microsoft-defined error page, which does not state that the link/token has expired.

So, I wanted to either redirect to a custom error page or display a custom error page with proper messages.

How can I show the custom error page in this scenario?

The example invitation link is here.


azure-active-directory azure-ad-b2c

Hello @VaibhavMore-6727, the included link displays this:

AADB2C90017: The client assertion provided in the request is invalid: 'client_secret' was used as the verification key

Can you explain with more detail how the user is created and the invitation sent?

0 Votes 0 ·

anonymous user-msft ,
PFB code used to generate the invite link: JWT token has a validity of 1 day. Other variables are specific to Azure AD Tenant.

var url = $"https://{domainName}.b2clogin.com/{issuer}/{invitationPolicy}/oauth2/v2.0/authorize?client_id={clientId}" +
    $"&login_hint={inviteRequest.InviteEmail}&response_mode=fragment&nonce=defaultNonce" +
    $"&redirect_uri={redirectUrl}&scope=openid&response_type=id_token" +
    $"&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={jwt}";

0 Votes 0 ·

What is PFB? Also, you're requesting an ID token using a client assertion. This is not a requirement and I'm not aware if it's supported. I'm still not clear about how the link is generated. Are you inviting a B2B Azure AD user or an already created B2C user?

0 Votes 0 ·

Hi, do you still require assistance? If not, please mark the answer as verified.

Thank you,
James

0 Votes 0 ·

Hi @JamesHamil-MSFT, this issue is still there. Upon expiry, the user sees a Microsoft-defined error page, which does not state that the link/token has expired.

So, I wanted to either redirect to a custom error page or display a custom error page with proper messages.

0 Votes 0 ·

1 Answer

alfredorevilla-msft answered alfredorevilla-msft edited

OK, got it. Well, that looks like an implicit flow request, which should contain neither a client secret nor an assertion. Also, client assertion is no longer supported by B2C.
