18

I've successfully implemented MSAL JS for Azure AD B2C. The next step is to let the user edit their profile. I've created a new policy for Edit Profile. But how to redirect the user there? There are only login methods / acquire token methods. I've tried to set the authority to a different policy. It then does redirect to the right page, but then it starts complaining about errors in scopes, and it messes up the token locally.

editProfile() {
  this.userAgentApp.authority = this.policyEditProfile;
  this.userAgentApp.loginRedirect();
}

The ASP.NET code examples explicitly have an option to set the editProfile Policy ID: https://learn.microsoft.com/en-gb/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi#update-code-to-use-your-tenant-and-policies

Feels like this is missing from MSAL.JS and I have to manually craft the URL, is that correct?

user911
Boland

1 Answer

6

Yes, this is correct. You will need to use a different authority, whose URL is composed of the tenant and the policy name, as shown here:

private static string Tenant = "yourTenant.onmicrosoft.com";
public static string PolicySignUpSignIn = "b2c_1_susi";
public static string PolicyEditProfile = "b2c_1_edit_profile";
private static string BaseAuthority = "https://login.microsoftonline.com/tfp/{tenant}/{policy}/oauth2/v2.0/authorize";
public static string Authority = BaseAuthority.Replace("{tenant}", Tenant).Replace("{policy}", PolicySignUpSignIn);
public static string AuthorityEditProfile = BaseAuthority.Replace("{tenant}", Tenant).Replace("{policy}", PolicyEditProfile);

BTW, that sample, although for .NET Desktop, shows how to use the edit profile and password reset policies: active-directory-b2c-dotnet-desktop. See in particular the EditProfileButton_Click method: the fact of acquiring the token (interactively) will trigger the dialog to edit the profile:

AuthenticationResult authResult = await App.PublicClientApp.AcquireTokenAsync(App.ApiScopes, GetUserByPolicy(App.PublicClientApp.Users, App.PolicyEditProfile), UIBehavior.SelectAccount, string.Empty, null, App.AuthorityEditProfile);
Jean-Marc Prieur
  • Thanks for this! I've tried it in MSAL.JS, but then I get this exception? this.userAgentApp.acquireTokenPopup(authSettings.scopes, this.policyEditProfile).then((accessToken) => { this.setAuthenticated(accessToken); }, (error) => { console.error(error); }) AADB2C90055: The scope 'openid profile' provided in request must specify a resource, such as 'https://example.com/calendar.read'. Correlation ID: 8a022666-3400-4d7d-a847-f8dc4dc49452 Timestamp: 2017-08-13 23:42:10Z :invalid_request – Boland Aug 13 '17 at 23:42
  • I'm using the same scopes as when logging in. Why do I need other scopes for edit profile? – Boland Aug 13 '17 at 23:43
  • Did you find a solution for getting Edit Profile to work via MSAL.js? – Natasha Voloshyna Jan 20 '21 at 16:42
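An added example, not part of the question, the answer or MSAL.js: the per-policy authority from the answer built in JavaScript from an allowlist of policy names, plus a check of which policy issued a returned ID token, so an edit-profile token is not mistaken for the sign-in token. All names (`POLICIES`, `authorityFor`, `issuedByPolicy`, `sampleToken`) are hypothetical, the tenant is the answer's placeholder, and the sample token is constructed.

```javascript
// Added example; TENANT, POLICIES and all function names are hypothetical.
const TENANT = "yourTenant.onmicrosoft.com"; // placeholder, as in the answer
const POLICIES = { signUpSignIn: "b2c_1_susi", editProfile: "b2c_1_edit_profile" };
// Authority template in the form the answer shows.
const BASE_AUTHORITY =
  "https://login.microsoftonline.com/tfp/{tenant}/{policy}/oauth2/v2.0/authorize";

// Resolve a policy key against the allowlist, so a policy name is never taken
// from user-controlled input such as a query-string parameter.
function policyName(key) {
  if (!Object.prototype.hasOwnProperty.call(POLICIES, key)) {
    throw new Error("unknown policy key: " + key);
  }
  return POLICIES[key];
}

function authorityFor(key) {
  return BASE_AUTHORITY
    .replace("{tenant}", encodeURIComponent(TENANT))
    .replace("{policy}", encodeURIComponent(policyName(key)));
}

// Decode the payload of a compact JWT. No signature check happens here, so the
// result says only which policy the token claims to come from.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
}

// Azure AD B2C names the issuing policy in the "tfp" claim ("acr" in the older
// token format); policy names are compared case-insensitively.
function issuedByPolicy(idToken, key) {
  const claims = decodeJwtPayload(idToken);
  const issuedBy = String(claims.tfp || claims.acr || "").toLowerCase();
  return issuedBy === policyName(key).toLowerCase();
}

// Constructed sample token (placeholder signature), only to exercise the check.
function sampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-")
    .replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "constructed"].join(".");
}

const token = sampleToken({ tfp: "B2C_1_edit_profile", sub: "constructed-user" });
console.log(authorityFor("editProfile"));
console.log(issuedByPolicy(token, "editProfile"), issuedByPolicy(token, "signUpSignIn"));
```

Because the payload is decoded without signature verification, use the result to route the response (profile edit versus sign-in), not as a trust decision.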