Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Feature Request] improve developer experience with login.microsoftonline.com in B2C tenants
See original GitHub issueWhat do do:
When B2C is detected (presence of a policy) but the authority is login.microsoftonline.com without the tfp, we should log an error and throw an exception ArgumentException in AddMicrosoftWebApp(), so that customers know that they either have to use login.b2c.com or have tfp.
Error message:
- the configuration contains a sign-in sign-up policy and therefore your application is considered as a B2C application, however, the authority is login.microsoftonline.com. Consider either changing your authority to “https://login.microsoftonline.com/tfp/” or moving to “b2clogin.com”. See https://aka.ms/ms-id-web/troubleshooting/b2c
cc: @jennyf19 Would https://github.com/AzureAD/microsoft-identity-web/issues/168 be a duplicate?
Initial report:
Documentation Related To Component:
Microsoft.Identity.Web nuget package (version 0.1.1-preview)
Please check those that apply
- typo
- documentation doesn’t exist
- documentation needs clarification
- error(s) in example
- needs example
Description Of The Issue
> dotnet --version3.1.201> git clone https://github.com/AzureAD/microsoft-identity-web.git> cd microsoft-identity-web/ProjectTemplates> dotnet pack AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj> cd bin/Debug> dotnet new --install Microsoft.Identity.Web.ProjectTemplates.0.1.0.nupkg
Verify if the templates are available
> dotnet new
Now, let’s create a new ASP.NET Core web api project
-
Navigate to a folder where we will create new project
-
> dotnet new webapi2 --auth Singleorg -n WeatherStation -
> cd WeatherStation -
Update
appsettings.jsonfile (image has fake data)
-
> dotnet run -
> curl -i http://localhost:5000/weatherforecast -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI2NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vNzNiOWUwZjgtNDY1Yy00MzY1LTkzNGUtMTM4ZmUxYjEyNDQ4L3YyLjAvIiwiZXhwIjoxNTg4NjQ2NTIyLCJuYmYi9wbWVudCIsImZhbWlseV9uYW1lIjoiR3JvdXAiLCJuYW1lIjoiRGV2ZWxvcG1lbnQgR3JvdXAiLCJuZXdVc3VyIjpmYWxzZSwiZXh0ZW5zaW9uX0NvbXBhbnkiOiJNSUNST0RFQSIsImV4dGVuc2lvbl9QaG9uZSI6IjU1NTU1NTU1NTUiLCJlbWFpbHMiOlsiZGV2ZWxvcG1lbnRncm91cEBtaWNyb2RlYS5jb20iXSwidGZwIjoiQjJDXzFfTG9hZFBhbERldiIsImF6cCI6IjliNzBjZTY4LTZlOWEtNGJiZC1iYWU3LWVhZGY5YjFkN2IxMSIsInZlciI6IjEuMCIsImlhdCI6MTU4ODYzOTMyMn0.hVAD5SZ4hIsyYdZgKPT0LBzHP3Ud5aU8vHXWQBcCMMOcjb5ZApiZSjzI7fdEQHuesudQtgwZumui-1a_XIV6v6jls5I_SlCr-h5bKJwa1VAW7_oKmKVxEjqt60dVJU8LIizySXimNXpS8W-YUHz0HBptE1vHndwadOT2OvB2ZOOHhNUnpNBdxaCYR-0TdSeH2ZnpXs6mphzxyRdD8-Bt7BB4FJZUNH63HpsJ3cV7aO08FrJ0jkveIdwcFy2WZbW-i1B8NWaWgPOpyx3DTWm3UCfJsLmVy21d6sK8LBL-vRaBfiSIfR9I1L2W_hB9U-TQMaTwQkAuXh4cNmg2u7GT8P"
I get an error message
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"
Issue Analytics
- State:
- Created 3 years ago
- Comments:21 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@prabh-62 i updated the title, as i believe this was the root cause. will make it easier for us to track. hope you don’t mind. 😃
Thanks @jennyf19 Do we want to throw in Microsoft.Identity.Web if we detect B2C (a user flow) and authority is login.microsoftonline.com without the tfp ? We could have a meaningful exception advising to use b2cloging.com? what do you think?