i am using the Angular/Core combined ANZ v10
we have a new customer that wants us to authenticate to their B2C server with OpenIdConnect. No matter what configuration settings i try, i still get Wrong Issuer on the front end after receiving the token. I placed logging in OpenIdConnectAuthProviderApi.ValidateToken but it doesn't seem to be getting that far.
Maybe it is a mapping issue? I don't know where to put their token_endpoint, if necessary. or their JW keys. Could you explain the JWTBearer parameters? Is that ClaimsMapping correct for ANZ to use email to login instead of username?
//from https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/v2.0/.well-known/openid-configuration
//"issuer": "https://theirnode.b2clogin.com/TheirTenantIdGuid/v2.0/",
//"authorization_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize",
//"token_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/token",
//"end_session_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
//"jwks_uri": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/discovery/v2.0/keys",
//"userinfo_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/openid/v2.0/userinfo",
"IsEnabled": "true",
"ClientId": "OurGuid",
"ClientSecret": "OurSecret",
"Authority": "https://*theirnode*.b2clogin.com/*TheirTenantIdGuid*/v2.0",
"UserInfoEndpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/openid/v2.0/userinfo",
"LoginUrl": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize",
"LogoutUrl": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
"NotAuthorizedURL": "https://theirnode.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
"WellKnown": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/v2.0/.well-known/openid-configuration",
"ValidateIssuer": "false",
"ClaimsMapping": [
{
"claim": "email",
"key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
}
]
"JwtBearer": {
"IsEnabled": "true",
"SecurityKey": "*OurSecurityKey*",
"Issuer": "*SomeGuid*",
"Audience": "*SameGuidAsIssuer*"
}
NOTE: adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary. (the support forum will not let me reply to your message)
3 Answer(s)
-
0
Hi,
As far as I can see, your
Authorityvalue in appsettings.json is missing an ending / character. Could you change it tohttps://theirnode.b2clogin.com/TheirTenantIdGuid/v2.0/and try again ? -
0
: adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary.
-
0
Is it possible to access the app online ? If so, could you share its URL with [email protected] ?
