2

I am trying to integrate Azure AD B2C as OpenID Connect into PlayFab to support AD user to login into PlayFab, below are the steps which I have tried-

Azure AD B2C

  • Registered Client app under B2C
  • Create SignUp and SignIn User Flow
  • Added Google and Facebook as Identity Provider under User Flow.
  • Successfully able to login user using Google and Facebook.

PlayFab Configuration

  • Created Game title

  • Successfully able to add logins players using LoginWithCustomID, LoginWithFacebook.

OpenId Connect config in PlayFab:

  • Under OpenId Connect, I have added Connection ID, Client ID, Client Secret and Issuer.
  • Under Issuer, I have added entry as https://{tenant-name}.b2clogin.com/{tenant-name}.onmicrosoft.com/b2c_1_signupsignin/v2.0

Problem:

When I am trying to hit LinkOpenIdConnect API from PlayFab, API is returning blow error-

{
    "code": 403,
    "status": "Forbidden",
    "error": "NotAuthorized",
    "errorCode": 1089,
    "errorMessage": "IDX20803: Unable to obtain configuration from: 'https://{tenant-name}.b2clogin.com/{tenant-id}/v2.0/.well-known/openid-configuration'."
}

Could anyone please help me where I am doing wrong? Thank you in advance.

deen
  • 2,185
  • 7
  • 29
  • 53

1 Answers1

2

Please check if below can be worked around.

Please Make sure the Authority, on the API server, should be set to a URL that points to one of the policies so that it can be properly fetched in the openid configuration.

Make sure that policy settings have the issuer URL format set to the one that does NOT include a specific policy in the issuer URL. And provide the generic issuer url in portal like below

https:// /tfp//v2/

(or)

policy specific issuer :

https://domain/tfp//b2c_1_ policy/v2/

Authority something like https://<tenantname>.b2clogin.com/tfp/{tenantName}.onmicrosoft.com/B2C_1_{signup_policy}/v2.0/ "

Or

https://<tenantname>.b2clogin.com/tfp/TenantId /B2C_1_{signup_policy}/v2.0/

/tfp is optional but try to include and check by adding tfp Where Instance is "https://XXXX.b2clogin.com/tfp/", Domain is "XXXX.onmicrosoft.com"

Issuer (iss) claim is a property that identifies the Azure AD B2C tenant that issued the token.

The default value is https://<domain>/{B2C tenant GUID}/v2.0/. whereas, the value of https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/ includes IDs for both the Azure AD B2C tenant and the user flow that was used in the token request

Reference

kavyaS
  • 8,026
  • 1
  • 7
  • 19
  • After following the steps mentioned, getting error response **IDX10501: Signature validation failed. Unable to match key** – deen Feb 16 '22 at 10:02
  • Can you please update question with more code details and sdks used . – kavyaS Feb 17 '22 at 14:19
  • Hi Kavya, I am not using code as PlayFab supports plug and play configuration. PlayFab is Backend as a Service product from Microsoft. Putting link for ref https://learn.microsoft.com/en-us/rest/api/playfab/admin/authentication/create-openid-connection?view=playfab-rest – deen Feb 18 '22 at 04:24
  • Have you chose the account type as "Accounts in this organisational directory only" in portal? and please try with your issuer URL followed by "/.well-known/openid-configuration". For example, if the issuer is https://example.com, try https://example.com/.well-known/openid-configuration – kavyaS Feb 18 '22 at 06:03