Please use Microsoft.Identity.Web 2.17.0 and read this article: https://github.com/AzureAD/microsoft-identity-web/wiki/Deploying-Web-apps-to-App-services-as-Linux-containers
IDX40001: Issuer: does not match any of the valid issuers provided for this application
My Azure AD B2C application has suddenly stopped authenticating requests due to "IDX40001: Issuer: 'https://<tenant>.b2clogin.com/<tenantId>/v2.0/', does not match any of the valid issuers provided for this application"
Looking at other similar forums posted on Microsoft, I have tried the following already:
- Making sure the instance name is:
"https://<tenant>.b2clogin.com/"
- Making sure I have the latest version of Microsoft.Identity 1.11.0-beta.1 (also tried 1.10.4)
- Adding TenantId to appsettings
- Disabling valid issuer
- Moving to a different azure ad subscription
I am using the following azure configurations in app settings:
"AzureAdB2C": {
  "TenantId": "<tenantId>",
  "AuthorizationUrl": "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/B2C_1_SignUpSignIn/oauth2/v2.0/authorize",
  "TokenUrl": "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/B2C_1_SignUpSignIn/oauth2/v2.0/token",
  "Instance": "https://<tenant>.b2clogin.com",
  "Domain": "<tenant>.onmicrosoft.com",
  "ClientId": "<back-end client id>",
  "SignUpSignInPolicyId": "B2C_1_SignUpSignIn",
  "ApiScopes": {
    "Read": "https://<tenant>.onmicrosoft.com/<appId>/read"
  },
  "Swagger": {
    "ClientId": "<secondary client Id to call apis from swagger>",
    "ClientSecret": "<client secret>"
  }
}
To enable authentication with swagger I am adding the following code to my program.cs:
app.UseSwaggerUI(c =>
{
    // ISecretsManager is the app's own abstraction for reading secrets
    var secretsManager = app.Services.GetService<ISecretsManager>();
    c.DocumentTitle = "API";
    c.DocExpansion(Swashbuckle.AspNetCore.SwaggerUI.DocExpansion.None);
    c.OAuthClientId(builder.Configuration.GetSection("AzureAdB2C:Swagger:ClientId").Value ?? string.Empty);
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "api 1.0.0");
    c.OAuthClientSecret(secretsManager?.GetSecret("AzureAdB2C:Swagger:ClientSecret") ?? string.Empty);
    c.OAuthUseBasicAuthenticationWithAccessCodeGrant();
});
Also using the following method to configure swagger for implicit oauth flow:
private static void ConfigureSwagger(IServiceCollection services, IConfiguration configuration)
{
    services.AddSwaggerGen(c =>
    {
        string[] methodsOrder = ["get", "post", "put", "patch", "delete", "options", "trace"];
        var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
        var commentsFileName = Assembly.GetExecutingAssembly().GetName().Name + ".XML";
        var commentsFile = Path.Combine(baseDirectory, commentsFileName);

        // Invert "Read": "<scope uri>" into the scope-uri -> description shape Swagger expects
        var scopes = configuration.GetSection("AzureAdB2C:ApiScopes").Get<Dictionary<string, string>>() ?? [];
        var scopesDictionary = new Dictionary<string, string>();
        foreach (var s in scopes)
        {
            scopesDictionary[s.Value] = s.Key;
        }

        c.SwaggerDoc("v1", new OpenApiInfo
        {
            Title = "api",
            Version = "1.0.0",
            Description = "Documentation for REST APIs"
        });

        c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.OAuth2,
            Flows = new OpenApiOAuthFlows()
            {
                Implicit = new OpenApiOAuthFlow()
                {
                    AuthorizationUrl = new Uri(configuration.GetSection("AzureAdB2C:AuthorizationUrl").Value ?? string.Empty),
                    TokenUrl = new Uri(configuration.GetSection("AzureAdB2C:TokenUrl").Value ?? string.Empty),
                    Scopes = scopesDictionary
                }
            }
        });

        c.AddSecurityRequirement(new OpenApiSecurityRequirement()
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = "oauth2"
                    },
                    Scheme = "oauth2",
                    Name = "oauth2",
                    In = ParameterLocation.Header
                },
                new List<string>()
            }
        });

        c.EnableAnnotations();
        c.OrderActionsBy(apiDesc => $"{apiDesc.ActionDescriptor.RouteValues["controller"]}_{Array.IndexOf(methodsOrder, apiDesc.HttpMethod?.ToLower())}");
        //c.IncludeXmlComments(commentsFile);
        //use fully qualified object names
        c.CustomSchemaIds(x => x.FullName);
        c.UseInlineDefinitionsForEnums();
    });
}
When I run my app and make a request from swagger I get the following error:
www-authenticate: Bearer error="invalid_token",error_description="The issuer '(null)' is invalid"
In the console:
IDX40001: Issuer: 'https://<tenant>.b2clogin.com/<tenantId>/v2.0/', does not match any of the valid issuers provided for this application
This was all working fine until a few days ago and it has stopped working even though the configuration above has not changed.
Any tips or suggestions at this point are greatly appreciated.
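Added here as a diagnostic, not code from the question or from Microsoft.Identity.Web: it reads the iss claim from a bearer token the API received and compares it with the issuer the AzureAdB2C settings imply (`<Instance>/<TenantId>/v2.0/`, as in the error above), classifying the mismatches that surface as IDX40001. The tenant name, tenant id and token claims are constructed placeholders, and the token is decoded without signature verification purely to inspect the claim.

```python
import base64
import json

# Constructed sample settings mirroring the AzureAdB2C section above; placeholder values only.
SAMPLE_CONFIG = {
    "Instance": "https://contosob2c.b2clogin.com",
    "TenantId": "11111111-2222-3333-4444-555555555555",
    "Domain": "contosob2c.onmicrosoft.com",
}

def expected_issuer(cfg):
    """B2C v2.0 tokens carry iss = <Instance>/<TenantId>/v2.0/ (trailing slash included);
    the tenant GUID, not the onmicrosoft.com domain, is what appears there."""
    return f"{cfg['Instance'].rstrip('/')}/{cfg['TenantId']}/v2.0/"

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_issuer(jwt):
    """Read iss from the payload only: a diagnostic that does not verify the signature
    and must never stand in for real token validation."""
    parts = jwt.split(".")
    if len(parts) != 3:
        return None
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64url or bad JSON (binascii.Error is a ValueError)
        return None
    return claims.get("iss") if isinstance(claims, dict) else None

def diagnose(cfg, jwt):
    """Explain why a token's issuer would not match the configured tenant."""
    iss, expected = token_issuer(jwt), expected_issuer(cfg)
    if iss is None:
        return "token has no readable iss claim"
    if iss == expected:
        return "ok"
    if iss.rstrip("/") == expected.rstrip("/"):
        return "trailing slash differs from the configured issuer"
    if cfg["Domain"].lower() in iss.lower():
        return "issuer uses the tenant domain; B2C issuers carry the tenant id GUID"
    if cfg["TenantId"].lower() not in iss.lower():
        return "issuer names a different tenant"
    return f"issuer {iss} does not match {expected}"

def make_unsigned_token(claims):
    """Constructed unsigned JWT (alg none, empty signature) for offline tests only."""
    b64 = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return b64(b'{"alg":"none","typ":"JWT"}') + "." + b64(json.dumps(claims).encode()) + "."
```

Run `diagnose(SAMPLE_CONFIG, token)` against a token copied from the failing request to see which of the configured values disagrees with what B2C actually issued.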
1 answer

Jean Marc Prieur (Microsoft Employee, 11 Reputation points), 2024-02-25T17:34:10.12+00:00