External provider "itsme" (Belgium)

Admin 365 1 Reputation point
2022-01-26T11:23:27.623+00:00

Hi,

I'm currently testing the integration of an external identity provider in our Azure AD B2C tenant.

First, I got an E2E test account from the itsme onboarding team (clientId, service code and secret key).

Next, I created a new external identity provider in our tenant, then a standard user flow and an application, in order to test the itsme flow.

All these steps are described in the Microsoft documentation:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/partner-itsme

When I execute this user flow (with the itsme button), a new page opens in the browser and I get an error: "invalid_redirect".

Our redirect URI has been sent to itsme support.

I have contacted itsme support many times, but they recommend that I contact MS Support too. Perhaps it could be an error in our tenant/configuration, but I can't see what... All steps have been followed scrupulously.

However, this test user flow works with the Google and Facebook external providers...

Has anyone succeeded in adding and using itsme in a user flow? :)

Thank you :)


1 answer

  1. James Hamil 21,546 Reputation points Microsoft Employee
    2022-02-01T23:43:04.947+00:00

    Hi @Admin 365, you need to specify the redirect URI in the login URL and specify where the user and authorization code should be redirected. If you don't specify a Redirect URI in the Login URL, the user will be redirected to the first URL specified in the app's registration.

    To resolve this, you can follow the example in the Authorization Code Grant Flow documentation to specify the Redirect URI:

    https://login.microsoftonline.com/{tenant}/oauth2/authorize?
    client_id=xxxxxx
    &response_type=code
    &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
    &response_mode=query
    &resource=https%3A%2F%2Fservice.contoso.com%2F
    &state=12345

    Otherwise you could list the URL that you want as the first one in the registration.

    Let me know if you have further questions.

    Additional reading: https://stackoverflow.com/questions/46917919/azure-ad-reply-url-how-to-add-several-urls-when-using-openid-connect-auth

    If this answer helped you please mark it as "Verified" so other users may reference it.

    Thank you,
    James

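The redirect-URI handling discussed in the answer above, as an added example that is not part of the original thread and not itsme's or Microsoft's code: it builds an OpenID Connect authorization request with an explicit, URL-encoded redirect_uri, reads it back out of the request, and then checks the candidate the way a strict identity provider does (an exact string match against the registered list), reporting the two mismatches that most often produce an "invalid_redirect"-style rejection, a differing scheme and a trailing slash. The tenant name, client ID, IdP endpoint and the Azure AD B2C callback shape are constructed placeholders, not values from the question.

```python
"""Added example: authorization request with explicit redirect_uri, and a
strict (exact-match) redirect_uri check of the kind an identity provider
applies.  All endpoint and tenant values are constructed placeholders."""
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values.  The callback shape follows the generic Azure AD B2C
# OIDC federation pattern; treat it as an assumption, not a verified value.
TENANT = "contoso"
B2C_REDIRECT_URI = (
    f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/authresp"
)
IDP_AUTHORIZE_ENDPOINT = "https://idp.example/oidc/authorize"  # hypothetical


def build_authorize_url(authorize_endpoint, client_id, redirect_uri, state,
                        scope="openid", response_type="code", extra=None):
    """Return the authorization request URL with redirect_uri set explicitly.

    urlencode percent-encodes every value, so the redirect_uri arrives at
    the IdP intact.  Omitting redirect_uri makes the IdP fall back to its
    first registered URL, which is the behaviour the answer describes."""
    params = {
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
    }
    if extra:
        params.update(extra)
    return f"{authorize_endpoint}?{urlencode(params)}"


def redirect_uri_from_request(url):
    """Extract the decoded redirect_uri parameter, or None if absent."""
    values = parse_qs(urlsplit(url).query).get("redirect_uri", [])
    return values[0] if values else None


def check_redirect_uri(registered_uris, candidate):
    """Mimic a strict IdP: exact string match, no normalisation.

    Returns (True, "ok") on a match, otherwise (False, reason) where the
    reason names the most likely cause of the mismatch."""
    if candidate is None:
        return False, "missing redirect_uri"
    if candidate in registered_uris:
        return True, "ok"
    cand = urlsplit(candidate)
    for reg_uri in registered_uris:
        reg = urlsplit(reg_uri)
        same_host_and_path = reg.netloc == cand.netloc and reg.path == cand.path
        if reg.scheme != cand.scheme and same_host_and_path:
            return False, f"invalid_redirect: scheme differs (expected {reg.scheme})"
        if (reg.scheme == cand.scheme and reg.netloc == cand.netloc
                and reg.path.rstrip("/") == cand.path.rstrip("/")):
            return False, "invalid_redirect: trailing slash differs"
    return False, "invalid_redirect: not registered"


if __name__ == "__main__":
    registered = [B2C_REDIRECT_URI]  # what the IdP has on file for the client
    url = build_authorize_url(IDP_AUTHORIZE_ENDPOINT, "client-123",
                              B2C_REDIRECT_URI, state="s3cure-random-state")
    print(url)
    for candidate in (redirect_uri_from_request(url),
                      B2C_REDIRECT_URI + "/",
                      B2C_REDIRECT_URI.replace("https://", "http://"),
                      None):
        print(candidate, "->", check_redirect_uri(registered, candidate))
```

When an IdP reports an invalid redirect, compare the exact decoded redirect_uri in the outgoing request against what the provider registered, character for character: scheme, host case, path and trailing slash all count, because most providers match literally rather than normalising.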