Base solution for your next web application
Open Closed

B2C token authentication setup issues #11661


User avatar
0
henryand created

i am using the Angular/Core combined ANZ v10

we have a new customer that wants us to authenticate to their B2C server with OpenIdConnect. No matter what configuration settings i try, i still get Wrong Issuer on the front end after receiving the token. I placed logging in OpenIdConnectAuthProviderApi.ValidateToken but it doesn't seem to be getting that far.

Maybe it is a mapping issue? I don't know where to put their token_endpoint, if necessary. or their JW keys. Could you explain the JWTBearer parameters? Is that ClaimsMapping correct for ANZ to use email to login instead of username?

  //from https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/v2.0/.well-known/openid-configuration
  //"issuer": "https://theirnode.b2clogin.com/TheirTenantIdGuid/v2.0/",
  //"authorization_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize",
  //"token_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/token",
  //"end_session_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
  //"jwks_uri": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/discovery/v2.0/keys",
  //"userinfo_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/openid/v2.0/userinfo",

  "IsEnabled": "true",
  "ClientId": "OurGuid",
  "ClientSecret": "OurSecret",
  "Authority": "https://*theirnode*.b2clogin.com/*TheirTenantIdGuid*/v2.0",
  "UserInfoEndpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/openid/v2.0/userinfo",
  "LoginUrl": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize",
  "LogoutUrl": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
  "NotAuthorizedURL": "https://theirnode.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
  "WellKnown": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/v2.0/.well-known/openid-configuration",
  "ValidateIssuer": "false",
  "ClaimsMapping": [
    {
      "claim": "email",
      "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    }
  ]
"JwtBearer": {
  "IsEnabled": "true",
  "SecurityKey": "*OurSecurityKey*",
  "Issuer": "*SomeGuid*",
  "Audience": "*SameGuidAsIssuer*"
}

NOTE: adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary. (the support forum will not let me reply to your message)


3 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    As far as I can see, your Authority value in appsettings.json is missing an ending / character. Could you change it to https://theirnode.b2clogin.com/TheirTenantIdGuid/v2.0/ and try again ?

  • User Avatar
    0
    henryand created

    : adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Is it possible to access the app online ? If so, could you share its URL with [email protected] ?