Base solution for your next web application
Open Closed

How to configure Azure AD B2C using OpenId Connect #11665

edsellu created

Are there any instructions/documentation on how to configure the Angular flavor of ASP.NET Zero against Azure AD B2C?

I had to "hack up" some of the code to get it working. I'm probably doing something wrong.

  1. The authority is not the issuer & the Angular app throws an exception
    1. Hack: hard code the issuer in the Angular code
  2. loadDiscoveryDocumentAndTryLogin uses the issuer for the .well-known configuration & that's not how B2C issues tokens
    1. Hack: call the loadDiscoveryDocument() method & pass a hard coded value


"Authentication": {
  "OpenId": {
    "IsEnabled": "true",
    "ClientId": "e54897a8-f204-47d0-94fd-fca2701866b5",
    "Authority": "",
    "LoginUrl": "",
    "ValidateIssuer": "true",
    "ResponseType": "id_token",
    "ClaimsMapping": [
        "claim": "",
        "key": "name"
        "claim": "",
        "key": "emails"

sidenote: the claims mapping was a lucky educated guess (the email one it told me but not the name one)

change 1 to issuer in Angular code:

private getOpenIdConnectConfig(loginProvider: ExternalLoginProvider): AuthConfig {
    let authConfig = new AuthConfig();
    authConfig.loginUrl = loginProvider.additionalParams['LoginUrl'];
    //authConfig.issuer = loginProvider.additionalParams['Authority'];
    authConfig.issuer = "";
    return authConfig;

change 2 to .well-known config

public openIdConnectLoginCallback(resp) {
    this.initExternalLoginProviders(() => {
        let openIdProvider = _filter(this.externalLoginProviders, {
            name: 'OpenIdConnect',
        let authConfig = this.getOpenIdConnectConfig(openIdProvider);


        // out of the box code
        // loadDiscoveryDocumentAndTryLogin(options = null) {
        //     return this.loadDiscoveryDocument().then((doc) => {
        //         return this.tryLogin(options);
        //     });
        // }
        let configEndpoint = "";
            .then((doc) => {
                this.oauthService.tryLogin().then(() => {

Issuer vs authority/.well-known config "iss": "" vs


ClientId maps to this:

Authority maps to this:

LoginUrl maps to this:

Additional links

3 Answer(s)
  • 0
    ismcagdas created
    Support Team


    We only have this document We will review your findings and improve the documentation.

  • 0
    elecosoftseservice created

    Could I also ask the ASP.NET Zero team to provide some more instructions on how to get AD B2C working, as I am in a similar position.

  • 0
    mdepouw created

    Hi @ismcagdas - any updates? Are my customizations required or am I doing something wrong? thanks!