Is it possible to get a short URL for the sign up page with AD B2C like `domain.com/login` without all the oauth details in the URL?

Alexander Tarnavsky 6 Reputation points
2022-03-04T13:17:40.823+00:00

In most other websites I see on the web the login page has a simple URL like domain.com/login. Some examples:

I managed to configure a custom domain using Front Door but the URL is still very long and suspicious, looking like this:

https://customdomain.com/#############.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize?client_id=#############scope=openid%20https%3A%2F%2F#############.onmicrosoft.com%2F#############%20https%3A%2F%#############.onmicrosoft.com%#############%#############.write%20profile%20offline_access&redirect_uri=#############&client-request-id=#############&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.19.0&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=#############&code_challenge_method=S256&nonce=#############&state=#############%3D

I suspect this is because MSAL is sending all the authentication parameters in the URL instead of using POST.
Our front-end is in Vue.js and we are using MSAL for authentication with a redirect sign-up (not popup). We configured the tenant with user flow (not custom policy).
Is there a way to have a custom URL and not only domain in AD B2C?

Thanks in advance,
Alex


1 answer

  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2022-03-07T09:55:34.783+00:00

    Hi @Alexander Tarnavsky • Thank you for reaching out.

    I understand that you want to have the signup/sign-in URL shortened to domain.com/login. This is only possible if the application handles the signup/sign-in process without using an IDP such as B2C/Okta/PingFederate for this purpose.

    However, this is not possible in the case of applications that are federated with B2C, as federated applications must pass the parameters required by OAuth/OIDC, such as client_id, response type, redirect_uri, scope, state, nonce, etc. If the application is federated using SAML, the required parameters for the SAML protocol must be present in the authentication request.

    So, you can only use a custom domain in the authentication request, but you cannot customize the entire URL by hiding/removing the OAuth/OIDC parameters if the authentication is handled by Azure AD B2C.

    Read more:


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
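
The parameters named in the answer are what a reviewer checks to tell a well-formed authorize request from a malformed one. The following is an added example, not part of the original question or answer: a check over an authorize URL shaped like the one in the question. The function name `auditAuthorizeUrl`, the rule set, and every host, tenant and parameter value in the sample are assumptions constructed for illustration.

```javascript
// Added example: audit an OAuth 2.0 / OIDC authorize URL like the one in the question.
// All sample values below are constructed placeholders, not real tenant data.

function auditAuthorizeUrl(rawUrl, expectedHost) {
  const url = new URL(rawUrl);
  const p = url.searchParams;
  const findings = [];

  if (url.protocol !== "https:") findings.push("authorize endpoint is not https");
  if (url.hostname !== expectedHost) findings.push(`unexpected host ${url.hostname}`);
  if (!/\/oauth2\/v2\.0\/authorize$/.test(url.pathname)) findings.push("path is not an authorize endpoint");

  // Parameters the answer names as mandatory for the protocol.
  for (const name of ["client_id", "response_type", "redirect_uri", "scope"]) {
    if (!p.get(name)) findings.push(`missing ${name}`);
  }

  // state binds the response to this browser session (CSRF protection).
  if (!p.get("state")) findings.push("missing state");

  const scopes = (p.get("scope") || "").split(/\s+/).filter(Boolean);
  // nonce ties the ID token to this request (replay protection) when openid is requested.
  if (scopes.includes("openid") && !p.get("nonce")) findings.push("openid scope without nonce");

  // A public client (SPA) using the code flow should send a PKCE S256 challenge.
  if (p.get("response_type") === "code") {
    if (!p.get("code_challenge")) findings.push("code flow without code_challenge (PKCE)");
    else if (p.get("code_challenge_method") !== "S256") findings.push("PKCE method is not S256");
  }

  const redirect = p.get("redirect_uri");
  if (redirect) {
    let r = null;
    try { r = new URL(redirect); } catch { findings.push("redirect_uri is not an absolute URL"); }
    const local = r && (r.hostname === "localhost" || r.hostname === "127.0.0.1");
    if (r && r.protocol !== "https:" && !local) findings.push("redirect_uri is not https");
  }
  return findings;
}

// Constructed sample with the same shape as the URL in the question.
const SAMPLE = "https://login.example.com/contoso.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize" +
  "?client_id=00000000-0000-0000-0000-000000000000&scope=openid%20profile%20offline_access" +
  "&redirect_uri=https%3A%2F%2Fapp.example.com%2F&response_mode=fragment&response_type=code" +
  "&code_challenge=PLACEHOLDER_CHALLENGE&code_challenge_method=S256&nonce=PLACEHOLDER_NONCE&state=PLACEHOLDER_STATE";

console.log(auditAuthorizeUrl(SAMPLE, "login.example.com")); // prints []
```

An empty result means the request carries the session binding (`state`), replay protection (`nonce`) and PKCE challenge that the code flow relies on, which is why these values travel with every redirect.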

