oidc-client and Azure AD B2C: Bad Request

Question

oidc-client returns the following error at UserManager.userManager.signinRedirectCallback():

Here is my config:

  authority: 'https://<tenant_name>.b2clogin.com/<tenant_name>.onmicrosoft.com/<policy>/v2.0',
  client_id: '<client_id>',
  redirect_uri: `http://localhost:4200/login-callback`,
  response_type: 'code',
  scope: 'openid profile',

Also:

Before the error, I am able to login properly using the Azure AD B2C login page.
When I use the endpoint v1 (by removing the "v2.0" suffix from the authority) it's working as expected.
I use the "Sign up and sign in" (no custom policy here).

Take a network trace (chrome dev tools or Fiddler) so we can see what the request looks like. — Jas Suri - MSFT, May 15 '20 at 06:54

score 0 · Answer 1 · answered May 13 '20 at 06:56

0

You can try to get the code by executing the following request in the browser,reference here:

GET https://<tenant_name>.b2clogin.com/<tenant_name>.onmicrosoft.com/<policy>/oauth2/v2.0/authorize?
client_id=<client_id>
&response_type=code+id_token
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=openid offline_access 
&state=123
&nonce=12345

answered May 13 '20 at 06:56

Carl Zhao

8,543
2
11
19

The `oauth2/v2.0/authorize` request works it's the `oauth2/v2.0/token` request that is failling. – Maxime Gélinas May 13 '20 at 14:44

score 0 · Accepted Answer · edited Jun 09 '20 at 15:42

0

The problem was not in my code, but in my B2C settings on Azure. Thanks to this answer from @chrsi, I was able to fix it.

First, change the reply URL type in your app registration manifest to Spa:

Then, make sure you set some API specific scopes (e.g. https://<tenant>.onmicrosoft.com/api/write). Otherwise, the returned access token will be undefined.

edited Jun 09 '20 at 15:42

marc_s

732,580
175
1,330
1,459

answered May 18 '20 at 18:21

Maxime Gélinas

2,202
2
18
35

oidc-client and Azure AD B2C: Bad Request

2 Answers2