Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

angular 15 + azure b2c

See original GitHub issue

i’m using the above techs to port as a poc an old app. login to b2c is done in angular, using code flow, and it returns a complete set of data ( access token, custom roles etc).

i’m now trying to protect an endpoint by using eg:

public override void Configure()
        {
            Claims("sub");
            Post("/users/getuserbyid");
            //Policies("LoggedIn");
        }

or by setting up a policy in program.cs:

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("LoggedIn", x => x.RequireClaim("sub"));
});

  builder.Services.AddAuthentication(o =>
  {
      o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
      o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
  })
  .AddJwtBearer(o =>
  {
      o.Authority = $"https://xxxxx.b2clogin.com/xxxxx.onmicrosoft.com/B2C_1_signin/v2.0";
      o.Audience = "xxxx-xxxx-xxxx-xxxx";
  });

the call from angular looks like:

    const options = { headers: new HttpHeaders({
                    Authorization: 'Bearer ' + this.accessToken,
                    Accept: 'application/json, text/plain, */*'
                  }), 
                  params: new HttpParams().set("Id", id)};

    return this.http.post<T>(this.apiBaseUrl + url, options);
  }

and my request object server-side looks like:

public class EntityByIdRequest
    {
        [From(Claim.name, IsRequired = true)] 
        public string name { get; set; }

        public string Id { get; set; } = string.Empty;
    }

nothing works. i am never authenticated and i never get the id i pass in the params object in the request, unless i remove the authorization restriction. i’m obv. missing something, but what? any ideas anyone?

Issue Analytics

State:
Created 8 months ago
Comments:10 (6 by maintainers)

Top GitHub Comments

1reaction

aylmercarsoncommented, Feb 4, 2023

…sorted. although the api was declaring my jwt as valid, including validating the audience, i had an incorrect audience setting. i did a few other minor changes but afaict that was the main issue. thanks again for your help.

1reaction

dj-nitehawkcommented, Feb 3, 2023

if all else fails, do a minimalistic repro using asp.net minimal apis according to their tutorials/guides and i’ll help to convert that to fastendpoints.

Top Results From Across the Web

Configure authentication in a sample Angular SPA by ...

Configure authentication in a sample Angular single-page application by using Azure Active Directory B2C · Step 1: Configure your user flow · Step ......

Enable authentication in an Angular application by using ...

This configuration file contains information about your Azure AD B2C identity provider and the web API service. The Angular app uses this ...

Tutorial: Create an Angular app that uses the ...

MSAL Angular enables Angular 9+ applications to authenticate enterprise users by using Azure Active Directory (Azure AD), and also users ...

Authenticate Angular App using Azure AD B2C

The objective of this post is to give the readers a practical understanding of Azure AD B2C by authenticating an Angular application using...

Angular 15 support · Issue #5410 · AzureAD/microsoft- ...

Public Description Will MSAL support Angular 15. M.. ... stopped me dead in my tracks after promoting azure B2C and Angular. hard to...