Are there any instructions/documentation on how to configure the Angular flavor of ASP.NET Zero against Azure AD B2C?
I had to "hack up" some of the code to get it working. I'm probably doing something wrong.
- The authority is not the issuer & the Angular app throws an exception
- Hack: hard code the issuer in the Angular code
loadDiscoveryDocumentAndTryLogin
uses the issuer for the .well-known configuration & that's not how B2C issues tokens- Hack: call the
loadDiscoveryDocument()
method & pass a hard coded value
- Hack: call the
appsettings.json
:
"Authentication": {
"OpenId": {
"IsEnabled": "true",
"ClientId": "e54897a8-f204-47d0-94fd-fca2701866b5",
"Authority": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_AspNetZeroResearch/v2.0/",
"LoginUrl": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_AspNetZeroResearch/oauth2/v2.0/authorize",
"ValidateIssuer": "true",
"ResponseType": "id_token",
"ClaimsMapping": [
{
"claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"key": "name"
},
{
"claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"key": "emails"
}
]
},
sidenote: the claims mapping was a lucky educated guess (the email one it told me but not the name one)
change 1 to issuer in Angular code:
private getOpenIdConnectConfig(loginProvider: ExternalLoginProvider): AuthConfig {
let authConfig = new AuthConfig();
authConfig.loginUrl = loginProvider.additionalParams['LoginUrl'];
//authConfig.issuer = loginProvider.additionalParams['Authority'];
authConfig.issuer = "https://spottedmahnb2c.b2clogin.com/80033dfd-6eab-42c4-bdf2-4e223d4b396f/v2.0/";
//...
return authConfig;
}
change 2 to .well-known config
public openIdConnectLoginCallback(resp) {
this.initExternalLoginProviders(() => {
let openIdProvider = _filter(this.externalLoginProviders, {
name: 'OpenIdConnect',
})[0];
let authConfig = this.getOpenIdConnectConfig(openIdProvider);
this.oauthService.configure(authConfig);
this.spinnerService.show();
// out of the box code
// loadDiscoveryDocumentAndTryLogin(options = null) {
// return this.loadDiscoveryDocument().then((doc) => {
// return this.tryLogin(options);
// });
// }
let configEndpoint = "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_AspNetZeroResearch/v2.0/.well-known/openid-configuration";
this.oauthService.loadDiscoveryDocument(configEndpoint)
.then((doc) => {
this.oauthService.tryLogin().then(() => {
//...
});
});
}
Issuer vs authority/.well-known config
"iss": "https://spottedmahnb2c.b2clogin.com/80033dfd-6eab-42c4-bdf2-4e223d4b396f/v2.0/"
vs
https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_AspNetZeroResearch/v2.0/.well-known/openid-configuration
Documentation
Additional links
3 Answer(s)
-
0
Hi,
We only have this document https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Social-Logins#openid-connect-login. We will review your findings and improve the documentation.
-
0
Could I also ask the ASP.NET Zero team to provide some more instructions on how to get AD B2C working, as I am in a similar position.
-
0
Hi @ismcagdas - any updates? Are my customizations required or am I doing something wrong? thanks!