Is it possible to get a short URL for the the sign up page with AD B2C like `domain.com/login` without all the oauth details in the URL?

Question

Is it possible to get a short URL for the the sign up page with AD B2C like `domain.com/login` without all the oauth details in the URL?

Alexander Tarnavsky 6

In most other websites I see on the web the login page has a simple URL like domain.com/login. Some examples:

I managed to configure a custom domain using Front Door but the URL is still very long and suspicious, looking like this:

https://customdomain.com/#############.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize?client_id=#############scope=openid%20https%3A%2F%2F#############.onmicrosoft.com%2F#############%20https%3A%2F%#############.onmicrosoft.com%#############%#############.write%20profile%20offline_access&redirect_uri=#############&client-request-id=#############&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.19.0&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=#############&code_challenge_method=S256&nonce=#############&state=#############%3D

I suspect this is because MSAL is sending all the authentication parameters in the URL instead of using POST.
Our front-end is in Vue.js and we are using MSAL for authentication with a redirect sign-up (not popup). We configured the tenant with user flow (not custom policy).
Is there a way to have a custom URL and not only domain in AD B2C?

Thanks in advance,
Alex

1 answer

Your answer

Answer 1

AmanpreetSingh-MSFT 56,871 Moderator

Hi @Alexander Tarnavsky • Thank you for reaching out.

I understand that you want to have the signup/sign-in URL shortened to domain.com/login. This is only possible if the application handles the signup/sign-in process without using an IDP such as B2C/Okta/PingFederate for this purpose.

However, this is not possible in the case of the applications that are federated with B2C as the federated applications must pass the parameters required by OAuth/OIDC parameters such as client_id, response type, redirect_uri, scope, state, nonce etc. If the application is federated using SAML, the required parameters for SAML protocol must be present in the authentication request.

So, you can only use a custom domain in the authentication request but you can not customize the entire URL by hiding/removing the OAuth/OIDC parameters, if the authentication is handled by Azure AD B2C.

Read more:

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2022-03-08T14:03:47.57+00:00

AlexanderTarnavsky-6714 • Just checking if you have any further question.
Alexander Tarnavsky 6 Reputation points

2022-03-09T10:15:28.827+00:00

This is only possible if the application handles the signup/sign-in process without using

I think your sentence got cut in the middle, without using what?
Can you recommend a JS library to handle the authentication to AD B2C other than MSAL?
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2022-03-09T14:40:34.047+00:00

@Alexander Tarnavsky • Sorry for that. I have completed the sentence. To be honest, I have never used or seen anyone using a JS library other than MSAL to federate with B2C as the recommendation by the Azure AD B2C Product group is to use MSAL.

Share via

Is it possible to get a short URL for the the sign up page with AD B2C like `domain.com/login` without all the oauth details in the URL?

1 answer

Your answer