Integrating with Azure B2C

Laurence 1 Reputation point
2021-08-12T08:59:26.247+00:00

We are trying to support azure B2C in our web application (the application runs on a custom web host). We already integrated with B2B, but we are unable to integrate with B2C yet.

We are using the azure b2c application that is constructed in the following read-me: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-2-B2C. We did not set the Implicit grant and hybrid flows checkboxes for our application since authentication is handled by our backend. The application works when we use the supplied code, but it fails with the ConfidentialClientApplication class.

We cannot acquire a token from the ConfidentialClientApplication class when using the methods AcquireTokenByAuthorizationCode. The method fails with the error: 'Policy 'B2C_1_signup_signin' does not contain a AuthorizationTechnicalProfile with a corresponding ClientAssertionType'.

We tried to change the replay Url type to Spa to prevent the AuthorizationTechnicalProfile error. After this change, the error 'The supplied code_verifier is invalid' is thrown instead. So, this did not solve our problem.

We can get a valid token when we build a PublicClientApplication that makes use of the method AcquireTokenInteractive. However, we cannot use this since we are in a web environment.

The issue can be reproduced with the following code snippet. In our environment, the variable code is received from signing into azure B2C. I replaced it with a variable in this example:

        var code = "xxxxxxxxxxxxx";
        var redirectUri = $"https://xxx.xxxxxxxxxx.com:8080/api/external_authentication/app";
        var clientId = "000000000-0000-0000-0000-000000000000";
        var tenantName = "tenantName";
        var policySignUpSignIn = "B2C_1_signup_signin";
        var certificateThumbprint = "0000000000000000000000000000000000000000";

        var tenant = $"{tenantName}.onmicrosoft.com";
        var apiScopes = new [] { $"https://{tenant}/helloapi/demo.read" };
        var azureAdB2CHostname = $"{tenantName}.b2clogin.com";
        var authorityV2 = $"https://{azureAdB2CHostname}/tfp/{tenant}/{policySignUpSignIn}";

        var test = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithB2CAuthority(authorityV2)
            .WithRedirectUri(redirectUri)
            .WithCertificate(ReadCertificate(certificateThumbprint, StoreLocation.LocalMachine))
            .Build();

        try
        {
            var userToken = await test.AcquireTokenByAuthorizationCode(apiScopes, code).ExecuteAsync(); //Exception: The supplied code_verifier is invalid
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

Edit: the whole question is updated because of new insights.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,951 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,432 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. soumi-MSFT 11,786 Reputation points Microsoft Employee
    2021-09-27T09:19:56.123+00:00

    @Laurence , If your app is a WebApp, that you are trying to integrate using B2C, please try the following ASP .Net Core MVC App Sample. This sample uses OIDC protocol to authenticate the user using B2C.

    In case you have a WebAPI that you want to protect using B2C, that's when the sample you referred to will help.

    Please check the following repo for more B2C samples: https://github.com/azure-ad-b2c/apps/tree/master/apps


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.