[Feature Request] improve developer experience with login.microsoftonline.com in B2C tenants
What to do:
When B2C is detected (presence of a policy) but the authority is login.microsoftonline.com without the tfp, we should log an error and throw an ArgumentException in AddMicrosoftWebApp(), so that customers know that they either have to use login.b2c.com or have tfp.
Error message:
- the configuration contains a sign-in sign-up policy and therefore your application is considered as a B2C application, however, the authority is login.microsoftonline.com. Consider either changing your authority to “https://login.microsoftonline.com/tfp/” or moving to “b2clogin.com”. See https://aka.ms/ms-id-web/troubleshooting/b2c
cc: @jennyf19 Would https://github.com/AzureAD/microsoft-identity-web/issues/168 be a duplicate?
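As an added illustration of the proposed startup check (this is not Microsoft.Identity.Web's own code; the class, method and parameter names are assumptions, and only the error text comes from this issue):

```csharp
using System;

// Added example, not Microsoft.Identity.Web's own code. The class, method and
// parameter names are assumptions; only the error text comes from this issue.
public static class B2CAuthorityCheck
{
    // True when a sign-up/sign-in policy is configured (so the app is treated as
    // B2C) but the authority host is login.microsoftonline.com with no "tfp" segment.
    public static bool IsMisconfiguredB2CAuthority(string instance, string signUpSignInPolicyId)
    {
        bool isB2C = !string.IsNullOrWhiteSpace(signUpSignInPolicyId);
        if (!isB2C || !Uri.TryCreate(instance, UriKind.Absolute, out Uri uri))
        {
            return false; // not B2C, or no parsable authority: nothing to flag here
        }

        bool isMicrosoftOnline = uri.Host.Equals("login.microsoftonline.com", StringComparison.OrdinalIgnoreCase);
        string path = "/" + uri.AbsolutePath.Trim('/') + "/";   // e.g. "/tfp/" or "//"
        bool hasTfp = path.Contains("/tfp/", StringComparison.OrdinalIgnoreCase);
        return isMicrosoftOnline && !hasTfp;
    }

    // Fail fast at startup, as proposed for AddMicrosoftWebApp(): log the error, then throw.
    public static void ThrowIfMisconfigured(string instance, string signUpSignInPolicyId, Action<string> logError)
    {
        if (!IsMisconfiguredB2CAuthority(instance, signUpSignInPolicyId))
        {
            return;
        }

        const string message =
            "The configuration contains a sign-in sign-up policy and therefore your application is " +
            "considered as a B2C application, however, the authority is login.microsoftonline.com. " +
            "Consider either changing your authority to \"https://login.microsoftonline.com/tfp/\" " +
            "or moving to \"b2clogin.com\". See https://aka.ms/ms-id-web/troubleshooting/b2c";
        logError(message);
        throw new ArgumentException(message, nameof(instance));
    }

    public static void Main()
    {
        // Constructed sample values: the first two calls pass, the third throws.
        ThrowIfMisconfigured("https://contoso.b2clogin.com/", "B2C_1_susi", Console.Error.WriteLine);
        ThrowIfMisconfigured("https://login.microsoftonline.com/tfp/", "B2C_1_susi", Console.Error.WriteLine);
        ThrowIfMisconfigured("https://login.microsoftonline.com/", "B2C_1_susi", Console.Error.WriteLine);
    }
}
```

The check deliberately stays quiet when no policy is configured, so non-B2C apps on login.microsoftonline.com are unaffected.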
Initial report:
Documentation Related To Component:
Microsoft.Identity.Web nuget package (version 0.1.1-preview)
Please check those that apply
- typo
- documentation doesn’t exist
- documentation needs clarification
- error(s) in example
- needs example
Description Of The Issue
```text
> dotnet --version
3.1.201
> git clone https://github.com/AzureAD/microsoft-identity-web.git
> cd microsoft-identity-web/ProjectTemplates
> dotnet pack AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj
> cd bin/Debug
> dotnet new --install Microsoft.Identity.Web.ProjectTemplates.0.1.0.nupkg
```
Verify if the templates are available:
```text
> dotnet new
```
Now, let's create a new ASP.NET Core web API project:
- Navigate to a folder where we will create the new project
- `> dotnet new webapi2 --auth Singleorg -n WeatherStation`
- `> cd WeatherStation`
- Update the `appsettings.json` file (image has fake data)
- `> dotnet run`
- `> curl -i http://localhost:5000/weatherforecast -H "Authorization: Bearer <JWT elided>"`
I get an error message:
```text
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"
```
Top GitHub Comments
@prabh-62 I updated the title, as I believe this was the root cause. Will make it easier for us to track. Hope you don't mind. 😃
Thanks @jennyf19. Do we want to throw in Microsoft.Identity.Web if we detect B2C (a user flow) and authority is login.microsoftonline.com without the tfp? We could have a meaningful exception advising to use b2clogin.com? What do you think?