IDX40001: Issuer: does not match any of the valid issuers provided for this application

26375912 0 Reputation points
2024-02-24T22:34:41.93+00:00

My Azure AD B2C application has suddenly stopped authenticating requests due to "IDX40001: Issuer: 'https://<tenant>.b2clogin.com/<tenantId>/v2.0/', does not match any of the valid issuers provided for this application". Looking at other similar forums posted on Microsoft, I have tried the following already:

  • Making sure the instance name is: "https://<tenant>.b2clogin.com/"
  • Making sure I have latest version of Microsoft.Identity 1.11.0-beta.1 (also tried 1.10.4)
  • Adding TenantId to appsettings
  • Disabling valid issuer
  • Moving to a different Azure AD subscription

I am using the following Azure configuration in appsettings:

"AzureAdB2C": {
  "TenantId": "<tenantId>",
  "AuthorizationUrl": "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/B2C_1_SignUpSignIn/oauth2/v2.0/authorize",
  "TokenUrl": "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/B2C_1_SignUpSignIn/oauth2/v2.0/token",
  "Instance": "https://<tenant>.b2clogin.com",
  "Domain": "<tenant>.onmicrosoft.com",
  "ClientId": "<back-end client id>",
  "SignUpSignInPolicyId": "B2C_1_SignUpSignIn",
  "ApiScopes": {
    "Read": "https://<tenant>.onmicrosoft.com/<appId>/read"
  },
  "Swagger": {
    "ClientId": "<secondary client Id to call apis from swagger>",
    "ClientSecret": "<client secret>"
  }
}

To enable authentication with Swagger I am adding the following code to my Program.cs:

app.UseSwaggerUI(c =>
{
    var secretsManager = app.Services.GetService<ISecretsManager>();
    c.DocumentTitle = "API";
    c.DocExpansion(Swashbuckle.AspNetCore.SwaggerUI.DocExpansion.None);
    // Swagger UI uses its own app registration (AzureAdB2C:Swagger), not the API's ClientId.
    c.OAuthClientId(builder.Configuration.GetSection("AzureAdB2C:Swagger:ClientId").Value ?? string.Empty);
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "api 1.0.0");
    // Note: anything passed here is embedded in the Swagger UI page that is served to the browser,
    // so this secret is visible to every user who can load the UI.
    c.OAuthClientSecret(secretsManager?.GetSecret("AzureAdB2C:Swagger:ClientSecret") ?? string.Empty);
    c.OAuthUseBasicAuthenticationWithAccessCodeGrant();
});

Also using the following method to configure Swagger for the implicit OAuth flow:

using System.Reflection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;

private static void ConfigureSwagger(IServiceCollection services, IConfiguration configuration)
{
    services.AddSwaggerGen(c =>
    {
        string[] methodsOrder = ["get", "post", "put", "patch", "delete", "options", "trace"];
        var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
        var commentsFileName = Assembly.GetExecutingAssembly().GetName().Name + ".XML";
        var commentsFile = Path.Combine(baseDirectory, commentsFileName);

        // appsettings maps a friendly name to the full scope URI; Swagger UI wants the
        // scope URI as the key and a description as the value, so invert the dictionary.
        var scopes = configuration.GetSection("AzureAdB2C:ApiScopes").Get<Dictionary<string, string>>() ?? [];
        var scopesDictionary = new Dictionary<string, string>();
        foreach (var s in scopes)
        {
            scopesDictionary[s.Value] = s.Key;
        }

        c.SwaggerDoc("v1", new OpenApiInfo
        {
            Title = "api",
            Version = "1.0.0",
            Description = "Documentation for REST APIs"
        });

        // Implicit flow against the B2C user-flow endpoints taken from appsettings.
        c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.OAuth2,
            Flows = new OpenApiOAuthFlows
            {
                Implicit = new OpenApiOAuthFlow
                {
                    AuthorizationUrl = new Uri(configuration.GetSection("AzureAdB2C:AuthorizationUrl").Value ?? string.Empty),
                    TokenUrl = new Uri(configuration.GetSection("AzureAdB2C:TokenUrl").Value ?? string.Empty),
                    Scopes = scopesDictionary
                }
            }
        });

        // Require the "oauth2" scheme on every operation so Swagger UI sends the bearer token.
        c.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = "oauth2"
                    },
                    Scheme = "oauth2",
                    Name = "oauth2",
                    In = ParameterLocation.Header
                },
                new List<string>()
            }
        });

        c.EnableAnnotations();
        c.OrderActionsBy(apiDesc => $"{apiDesc.ActionDescriptor.RouteValues["controller"]}_{Array.IndexOf(methodsOrder, apiDesc.HttpMethod?.ToLower())}");
        //c.IncludeXmlComments(commentsFile);
        //use fully qualified object names
        c.CustomSchemaIds(x => x.FullName);
        c.UseInlineDefinitionsForEnums();
    });
}

When I run my app and make a request from Swagger I get the following error:

www-authenticate: Bearer error="invalid_token",error_description="The issuer '(null)' is invalid"

In the console:

IDX40001: Issuer: 'https://<tenant>.b2clogin.com/<tenantId>/v2.0/', does not match any of the valid issuers provided for this application

This was all working fine until a few days ago, and it has stopped working even though the configuration above has not changed. Any tips or suggestions at this point are greatly appreciated.

Developer technologies | ASP.NET | ASP.NET Core
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Identity Manager
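The error quoted in the question is a string comparison failing: the token's iss claim is checked against the issuers the API was configured with (or discovered from the B2C metadata), and there is no fuzzy matching. The diagnostic below is an added example, not part of the original post and not Microsoft's validator. It decodes a bearer token's payload without verifying the signature (for troubleshooting only; an API must never accept claims this way), derives the issuer the AzureAdB2C settings imply, and reports exactly how the token's iss differs. It assumes the issuer form shown in the question's own error message (https://<tenant>.b2clogin.com/<tenantId>/v2.0/) and that the comparison is an exact string match; the tenant name, GUID and sample token are constructed placeholders.

```python
"""Diagnostic for an IDX40001 issuer mismatch on a B2C-protected API.

Example code added for illustration; it is not the library's validation logic.
The signature is NOT checked here, so use this only to see what a token says,
never to decide whether to trust it.
"""
import base64
import json
from urllib.parse import urlsplit


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def expected_issuers(cfg: dict) -> set:
    """Issuer strings an AzureAdB2C section like the one in the question implies.

    Assumed form (from the error message on this page): <Instance>/<TenantId>/v2.0/
    `Instance` is accepted with or without a trailing slash, since the question
    shows both spellings. The tenant GUID, not the *.onmicrosoft.com domain,
    is what appears in the issuer.
    """
    instance = cfg["Instance"].rstrip("/")
    return {f"{instance}/{cfg['TenantId']}/v2.0/"}


def diagnose_issuer(token: str, cfg: dict) -> dict:
    """Compare the token's `iss` with the expected issuer(s) and explain any mismatch."""
    iss = decode_claims(token).get("iss")
    expected = expected_issuers(cfg)
    report = {"iss": iss, "expected": sorted(expected), "match": iss in expected, "hints": []}
    if report["match"]:
        return report
    if not iss:
        report["hints"].append("token carries no iss claim")
        return report
    for exp in expected:
        if iss.rstrip("/") == exp.rstrip("/"):
            report["hints"].append("differs only by the trailing slash")
            continue
        got, want = urlsplit(iss), urlsplit(exp)
        if (got.scheme, got.netloc) != (want.scheme, want.netloc):
            report["hints"].append(f"host differs: {got.netloc!r} vs {want.netloc!r}")
        got_path = got.path.strip("/").split("/")
        want_path = want.path.strip("/").split("/")
        if got_path[:1] != want_path[:1]:
            report["hints"].append(
                f"tenant segment differs: {got_path[0]!r} vs {want_path[0]!r} "
                "(expected the tenant GUID from TenantId)")
    return report


def make_unsigned_token(claims: dict) -> str:
    """Build an UNSIGNED token for this demo only; a real B2C token is signed."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed sample settings; "contoso" and the GUID are placeholders.
SAMPLE_CFG = {
    "Instance": "https://contoso.b2clogin.com/",  # trailing slash, as in the question's bullet list
    "TenantId": "11111111-2222-3333-4444-555555555555",
    "Domain": "contoso.onmicrosoft.com",
}
GOOD_ISS = "https://contoso.b2clogin.com/11111111-2222-3333-4444-555555555555/v2.0/"


if __name__ == "__main__":
    candidates = (
        GOOD_ISS,                                                    # exact match
        GOOD_ISS.rstrip("/"),                                        # missing trailing slash
        "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/",  # domain instead of GUID
    )
    for iss in candidates:
        print(json.dumps(diagnose_issuer(make_unsigned_token({"iss": iss}), SAMPLE_CFG), indent=2))
```

Run it with a real token pasted in place of the constructed one and it tells you which part of the issuer disagrees with the configuration. The point of this exercise is to keep issuer validation switched on: turning it off (one of the steps tried in the question) makes the API accept tokens minted for any tenant that the same signing keys cover, so the mismatch should be located and fixed, not bypassed.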

1 answer

Jean Marc Prieur 11 Reputation points Microsoft Employee
2024-02-25T17:34:10.12+00:00
