Azure B2C User Flow Redirect URI Does Not Work

Zak Dali 5 Reputation points
2024-05-15T16:54:18.0033333+00:00

When using a User Flow in a B2C tenant, the flow seems to completely ignore the redirect URI attached to the user flow.

https://MachSandboxTenant.b2clogin.com/MachSandboxTenant.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_machsandbox_public_user_flow&client_id=9eea3042-6a38-468a-aa0e-27038716a8e2&nonce=defaultNonce&redirect_uri=http%3A%2F%2Flocalhost%3A9000%2F&scope=openid&response_type=code&prompt=login&code_challenge_method=S256&code_challenge=tddq9MvcvwbtvMxOI5qMGrhM2mSqtnDljD3Sm3FKC-E

As you can see, the redirect_uri component is http://localhost:9000.

If you actually follow that link, it doesn't work. It instead goes to:

https://login.live.com/oauth20_authorize.srf?client_id=9eea3042-6a38-468a-aa0e-27038716a8e2&redirect_uri=https%3a%2f%2fmachsandboxtenant.b2clogin.com%2fmachsandboxtenant.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+profile+email&response_mode=form_post&nonce=blK2OqZsYwb7LEvXrkfQxA%3d%3d&prompt=login&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6MDk3ZWJiZWMtZGY1ZC00ZWY2LWEwNzYtMDJiNDlhMTZjNmUwIiwiVElEIjoiNzA3YjQ4MmItZjcxNC00YmE5LTk0MzctMTFhN2VhYzk1NGI3IiwiVE9JRCI6ImJjOGExODg0LWYwZjAtNGFhMi1hOWM1LTYyYmEwNmFjNzcwNyJ9

And now the redirect_uri has been discarded and replaced with https://machsandboxtenant.b2clogin.com/machsandboxtenant.onmicrosoft.com/oauth2/authresp

This value isn't listed in any of the Azure Applications in the portal, and there is nothing running on my local machine at 9000 at the moment, so it isn't my software incorrectly redirecting. This is absolutely the result of some misconfiguration in Azure, but at this point I've got no idea. I've pored over tons of documentation... and nothing seems to change how it behaves.

What the heck am I overlooking here?

Microsoft Entra

1 answer

Kyle Clark 0 Reputation points
2024-05-17T05:17:50.2333333+00:00

This took me a while to realize.

You need to enter the following URL as one of the redirects for your application authentication.

IMPORTANT NOTE: You will need more than one redirect. One is specifically for the B2C user flow. After that, you can enter whatever you need for your application code.

The first URL you should enter is:

https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp

And in your case, the second URL you should enter is:

http://localhost:9000/

The order in which you add these does NOT matter (in my experience).

So basically the flow looks like this for the user:

1. User clicks login link in your application (the first link in your post)
2. They're taken to the B2C login page (user flow configured in Azure)
3. They click "Login with Microsoft" (or whatever provider you've chosen). Note: if the Entra ID provider is the only one applicable, they will skip this step entirely and be led to step 4
4. User is taken to the Microsoft login page (the second link in your post)
5. Upon successful login, they will be redirected to the B2C URL (similar to the one in step 2)
6. If there aren't any issues, the B2C URL redirects back to your application with the auth code
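The two hops in the question are two separate OAuth 2.0 authorization requests with two different redirect_uri values, and a redirect URI is only honoured when it exactly matches one registered on the app registration (that allowlist is what stops an attacker from steering the authorization code to a host they control). The script below is an added example, not code from the original post or from Microsoft: it rebuilds the first hop with a fresh PKCE pair, extracts the redirect_uri from each hop using the URLs visible in the question (the same client_id appears on both, which is why both URIs land on one app registration), checks them against a registration allowlist modelled as exact string matching (an assumption, a simplification of the real Entra rules), and decodes the StateProperties blob B2C attaches on the identity-provider hop. Names such as check_hops and decode_b2c_state are hypothetical helpers written for this example.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from the question above.
TENANT = "MachSandboxTenant"
POLICY = "B2C_1_machsandbox_public_user_flow"
CLIENT_ID = "9eea3042-6a38-468a-aa0e-27038716a8e2"
APP_REDIRECT = "http://localhost:9000/"
# The endpoint B2C hands to the federated identity provider (from the answer above).
B2C_AUTHRESP = (f"https://{TENANT.lower()}.b2clogin.com/"
                f"{TENANT.lower()}.onmicrosoft.com/oauth2/authresp")

# Second hop exactly as it appears in the question (login.live.com request).
IDP_HOP = ("https://login.live.com/oauth20_authorize.srf?client_id=" + CLIENT_ID +
           "&redirect_uri=https%3a%2f%2fmachsandboxtenant.b2clogin.com%2fmachsandboxtenant"
           ".onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+profile+email"
           "&response_mode=form_post&nonce=blK2OqZsYwb7LEvXrkfQxA%3d%3d&prompt=login"
           "&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6MDk3ZWJiZWMtZGY1ZC00ZWY2LWEw"
           "NzYtMDJiNDlhMTZjNmUwIiwiVElEIjoiNzA3YjQ4MmItZjcxNC00YmE5LTk0MzctMTFhN2VhYzk1NGI3Ii"
           "wiVE9JRCI6ImJjOGExODg0LWYwZjAtNGFhMi1hOWM1LTYyYmEwNmFjNzcwNyJ9")


def pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def authorize_url(challenge, nonce, state):
    """Build the first hop: the B2C user-flow /authorize request from the question."""
    base = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/v2.0/authorize"
    params = {
        "p": POLICY, "client_id": CLIENT_ID, "redirect_uri": APP_REDIRECT,
        "scope": "openid", "response_type": "code", "prompt": "login",
        "nonce": nonce, "state": state,
        "code_challenge_method": "S256", "code_challenge": challenge,
    }
    return f"{base}?{urlencode(params)}"


def redirect_uri_of(url):
    """Pull the (percent-decoded) redirect_uri out of an authorize request."""
    return parse_qs(urlsplit(url).query)["redirect_uri"][0]


def check_hops(hops, registered):
    """Exact-match each hop's redirect_uri against the registered allowlist.

    Assumption: exact string comparison models the allowlist check; it is the
    conservative rule and the one this example uses."""
    return [(redirect_uri_of(h), redirect_uri_of(h) in registered) for h in hops]


def decode_b2c_state(url):
    """Decode the StateProperties=<base64 JSON> blob B2C sends on the IdP hop."""
    state = parse_qs(urlsplit(url).query)["state"][0]
    blob = state.split("StateProperties=", 1)[1]
    blob += "=" * (-len(blob) % 4)          # restore stripped base64 padding
    return json.loads(base64.b64decode(blob))


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    first_hop = authorize_url(challenge, nonce="defaultNonce", state=secrets.token_urlsafe(16))
    hops = [first_hop, IDP_HOP]
    print("only the app URI registered:", check_hops(hops, [APP_REDIRECT]))
    print("both URIs registered:      ", check_hops(hops, [APP_REDIRECT, B2C_AUTHRESP]))
    print("B2C state on IdP hop:", decode_b2c_state(IDP_HOP))
```

With only http://localhost:9000/ registered, the second hop fails the allowlist check, which is the symptom described in the question; registering the /oauth2/authresp URI as well makes both hops pass. Keep the registered strings exact (scheme, host case, trailing slash) and keep the code_verifier on the client, since the whole point of PKCE is that only the party that started the first hop can redeem the code that comes back to the app redirect.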