B2C Issuer Claim URL with Policy ID

Syed Palayathar 486 Reputation points
2021-03-25T08:47:06.36+00:00

Good Morning Team

I have created a B2C tenant and used built-in and custom policy to authenticate consumer users to Dynamics 365 web portal.

The built-in user flow, when accessing the Dynamics 365 portal app, is working fine, and it has the following issuer URL:

https://<mytenantname>.b2clogin.com/tfp/<TENANTID>/b2c_1_signin/v2.0/

However, the flow using the custom policy shows an error ("Unable to retrieve document from: '[PII is hidden]'.") that points towards the issuer URI. The issuer URI for this custom policy is
https://<mytenantname>.b2clogin.com/<TENANTID>/v2.0/

I understand that the Issuer (iss) claim property identifies the Azure AD B2C tenant that issued the token. The default value is https://<domain>/{B2C tenant GUID}/v2.0/. However, the value https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/ includes IDs for both the Azure AD B2C tenant and the user flow that was used in the token request.

It seems that Dynamics 365 portal apps require this format: https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/. How would I change the custom policy so that the issuer URI will be of the above format, with the Policy ID in it?

Thanks


1 answer

  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2021-03-31T06:38:17.56+00:00

    Hi @Syed Palayathar, thank you for reaching out.

    In order to get the value of the Issuer claim in the https://<mytenantname>.b2clogin.com/tfp/<TENANTID>/b2c_1_signin/v2.0/ format, you need to add the below metadata key to the <TechnicalProfile Id="JwtIssuer">, which by default is in the TrustFrameworkBase file.

    <Item Key="IssuanceClaimPattern">AuthorityWithTfp</Item>

    [screenshot: the JwtIssuer technical profile with the IssuanceClaimPattern metadata item added]

    Below is how the Issuer claim in the token looks afterwards:

    [screenshot: the Issuer claim of the issued token, in the tfp format]

    When this key is not added, the default value taken is AuthorityAndTenantGuid, which is why tfp and the policy name are not included in the issuer claim.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
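As an added example that is not part of the original answer, this is how the metadata item above would be placed when overriding the JwtIssuer technical profile from a TrustFrameworkExtensions file rather than editing the base file; the tenant name, tenant GUID and policy ID shown in the comments are placeholders taken from the question.

```xml
<!-- TrustFrameworkExtensions.xml (excerpt, assumed file name): overrides the
     JwtIssuer technical profile declared in TrustFrameworkBase.xml. Only the Id
     and the new metadata item are required; everything else is inherited. -->
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Token Issuer</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="JwtIssuer">
        <Metadata>
          <!-- Key absent  => AuthorityAndTenantGuid (default):
                 iss = https://<mytenantname>.b2clogin.com/<TENANTID>/v2.0/
               AuthorityWithTfp:
                 iss = https://<mytenantname>.b2clogin.com/tfp/<TENANTID>/<policy id>/v2.0/
               Each policy then issues tokens with its own issuer value. -->
          <Item Key="IssuanceClaimPattern">AuthorityWithTfp</Item>
        </Metadata>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

After uploading the changed extensions file, confirm the new value by signing in with the custom policy and inspecting the iss claim of the returned token; the relying party's configured issuer (or the OpenID metadata endpoint it validates against) must use the same tfp format, otherwise issuer validation on the portal side will still fail.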