How to set ValidateIssurer to False?

Siegfried Heintze 1,861 Reputation points
2020-05-27T21:37:11.803+00:00

I'm following along with the directions for the Microsoft example in GitHub: active-directory-b2c-javascript-angular-spa

Part one where I use Microsoft's tenant works great!

I am now trying to set up my own AAD B2C tenant with Facebook as an identity provider.

The directions say:

> To use <your-tenant-name>.b2clogin.*, you need set validateIssuer: false. Learn more about using b2clogin.com.

Please help me understand where I set "validateIssurer". I was hoping to see an explanation when I clicked on the "Learn more about using b2cLogin.com" and all I can find there is a discussion of validateAuthority.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,760 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,541 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,506 Reputation points
    2020-05-28T04:29:45.037+00:00

    Hi @Siegfried Heintze ,

    You can use below code to set ValidateIssuer to False:

    this.clientApplication = new UserAgentApplication(  
      env.auth.clientId,  
      env.auth.loginAuthority,  
      this.authCallback.bind(this),  
      {  
        validateAuthority: false  
      }  
    );  
    

    -----------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Siegfried Heintze 1,861 Reputation points
    2020-05-28T22:59:08.437+00:00

    AmanPreetSingh:

    I see you are setting validateAuthority and not validateIssuer.

    Ooops, perhaps I could have been more clear. active-directory-b2c-javascript-angular-spa references
    active-directory-b2c-javascript-nodejs-webapi. In this latter link they say:

    To use <your-tenant-name>.b2clogin.*, you need set validateIssuer: false. Learn more about using b2clogin.com.

    I cannot find validateIssuer anywhere. Perhaps they intended to say ValidateAuthority?

    Thank you

    Siegfried