Issues with handling the azure B2C user flows
See original GitHub issueExpected Behavior
Let the user handle the query params that are inside the Url for configuration discovery with attached query params
[REQUIRED] Describe expected behavior
Given an URL with a query params (ex. https://login.microsofonline.com/{tenant}/v2.0?p=B2C_1_nfwSignIn) make the URL formulated to construct a valid URL (ex. https://login.microsofonline.com/{tenant}/v2.0/.well-known/openid-configuration?p=B2C_1_nfwSignIn)
Describe the problem
The Issue comes when you pass the URL as stated above the formulated URL is not a valid one given the concatenation that occurs on the file authorization_service_configuration.ts
Also see this reference from Azure documentation
[REQUIRED] Actual Behavior
On function fetchFromIssuer
Input https://login.microsofonline.com/{tenant}/v2.0?p=B2C_1_nfwSignIn
Returns https://login.microsofonline.com/{tenant}/v2.0?p=B2C_1_nfwSignIn/.well-known/openid-configuration
[REQUIRED] Steps to reproduce the behavior
Just place the URL https://login.microsofonline.com/{tenant}/v2.0?p=B2C_1_nfwSignIn
in the fetchFromIssuer
function, I’m using a 3rd party plugin that has a dependency on this repo ionic-appauth
[REQUIRED] Environment
- AppAuth-JS version: 1.3.1
- AppAuth-JS Environment (Node, Browser (UserAgent), …): Ionic which I assume would be browser____
- Source code snippts (inline or JSBin)
This code resolves my issue but I’m not sure how to make a pull request
static fetchFromIssuer(openIdIssuerUrl: string, requestor?: Requestor):
Promise<AuthorizationServiceConfiguration> {
const searchForQueryParams = function(url: string) {
let result;
let queryOr: any = url.split('/');
let query = queryOr[queryOr.length - 1].split('?');
if (query.length > 1) {
queryOr.splice(queryOr.length - 1, 1);
queryOr = queryOr.join('/');
result = [queryOr, `?${query[query.lenght - 1]}`];
} else {
result = [url, ''];
}
return result;
};
const newUrl = searchForQueryParams(openIdIssuerUrl);
const fullUrl = `${newUrl[0]}/${WELL_KNOWN_PATH}/${OPENID_CONFIGURATION}${newUrl[1]}`;
const requestorToUse = requestor || new JQueryRequestor();
return requestorToUse
.xhr<AuthorizationServiceConfigurationJson>({url: fullUrl, dataType: 'json', method: 'GET'})
.then(json => new AuthorizationServiceConfiguration(json));
}
Issue Analytics
- State:
- Created 2 years ago
- Comments:6
Top GitHub Comments
That is a bug. Will look into it.
Sure, but some configurations inside enterprises flow cant be changed for some reason (bureaucracy or legacy) that are available inside azure b2c, therefore the need for this change.
Is not like maintaining an old way of doing this, but unless Azure removes completely this option it should be able to handle them as mentioned in the request and MR