2

I am following this resource. I can get the token successfully but get 401 upon using the token in the second call to my api. It says Bearer error='invalid_token'. Earlier it was giving "Invalid issuer" so I decoded the token to use the issuer in "Instance" field of appSettings.json. Following are appSettings and token. What am I doing wrong?

appSettings.json

    {
      "AzureAdB2C": {
        "Instance": "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxx/v2.0/",
        "ClientId": "452gfsgsdfgsdgssfs5425234",
        "Domain": "xxxxxxxxxxxxxxx.onmicrosoft.com",
        "SignUpSignInPolicyId": "B2C_1_Auth-SignUpIn"
      },
      "Logging": {
        "LogLevel": {
          "Default": "Warning"
        }
      },
      "AllowedHosts": "*"
    }

token

    {
      "iss": "https://login.microsoftonline.com/23423fsf234234sfsd42342vsx2542/v2.0/",
      "exp": 1551878022,
      "nbf": 1551874422,
      "aud": "ee965664-d1e3-4144-939a-11f77c523b50",
      "oid": "a9ee8ebb-433d-424b-ae24-48c73ae9969c",
      "sub": "a9ee8ebb-433d-424b-ae24-48c73ae9969c",
      "name": "unknown",
      "extension_xxxID": "9f27fd88-7faf-e411-80e6-005056851bfe",
      "emails": [
        "[email protected]"
      ],
      "tfp": "B2C_1_Auth-SignUpIn",
      "scp": "user_impersonation",
      "azp": "4453gdfgdf53535bddhdh",
      "ver": "1.0",
      "iat": 1551874422
    }

AD B2C instance

enter image description here

Azure AD B2C setting AD B2C

Postman - revalapi highlighted is the uri of the registered app in the previous shot

enter image description here

Token

enter image description here

Error

enter image description here

10
  • The second call is to your own api? Commented Mar 7, 2019 at 2:58
  • Yes. I have edited the question to reflect that if it was not obvious. Commented Mar 7, 2019 at 10:07
  • When you request the access_token, the resource is also the same api? Commented Mar 7, 2019 at 10:16
  • I have used the implicit flow as described here Commented Mar 7, 2019 at 10:50
  • @rohit I think it can resolve your problem now. If you still have any query feel free to ask. Thank you. Commented Mar 8, 2019 at 3:34

2 Answers

2

OK. Looks like AD B2C + .NET Core is not happy with the onmicrosoft.com URI even though the Microsoft docs resource says it does. See here. I had to use the b2clogin.com URI as shown in the screenshots below. Hope it helps someone.

Postman

enter image description here

AppSettings.json

enter image description here

Startup.Auth.cs

        public void ConfigureServices(IServiceCollection services)
        {
            // Validate incoming bearer tokens using the "AzureAdB2C" section of appSettings.json.
            services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
                .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddApplicationInsightsTelemetry();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }
            // Authentication is added to the pipeline before MVC so controllers see the validated user.
            app.UseAuthentication();
            app.UseHttpsRedirection();
            app.UseMvc();
        }
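
A triage aid for the issuer mismatch discussed in the question and the answer above, added here as an example and not code from either poster: it decodes a token's claims without verifying the signature and compares them with the `AzureAdB2C` settings block. The sample token is constructed from the claim values shown in the question; the `example-tenant.b2clogin.com` host and the matching `ClientId` are assumptions.

```python
import base64
import json
import time
from urllib.parse import urlparse

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token carrying the claim values shown in the question.
SAMPLE_CLAIMS = {
    "iss": "https://login.microsoftonline.com/23423fsf234234sfsd42342vsx2542/v2.0/",
    "aud": "ee965664-d1e3-4144-939a-11f77c523b50",
    "tfp": "B2C_1_Auth-SignUpIn",
    "nbf": 1551874422,
    "exp": 1551878022,
}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "none"}), _b64url(SAMPLE_CLAIMS), ""])
# Constructed settings: hypothetical b2clogin.com host, ClientId assumed equal to aud.
SAMPLE_SETTINGS = {
    "Instance": "https://example-tenant.b2clogin.com/",
    "ClientId": "ee965664-d1e3-4144-939a-11f77c523b50",
    "SignUpSignInPolicyId": "B2C_1_Auth-SignUpIn",
}

def decode_payload(token):
    """Return the claims of a compact JWT WITHOUT verifying its signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def triage(token, settings, now=None):
    """Compare token claims with the AzureAdB2C settings and list the differences."""
    claims = decode_payload(token)
    now = time.time() if now is None else now
    findings = []
    iss_host = urlparse(claims.get("iss", "")).hostname
    cfg_host = urlparse(settings["Instance"]).hostname
    if iss_host != cfg_host:  # token was requested from a different endpoint host
        findings.append(f"iss host {iss_host} != Instance host {cfg_host}")
    if claims.get("aud") != settings["ClientId"]:
        findings.append("aud does not match ClientId")
    if str(claims.get("tfp", "")).lower() != settings["SignUpSignInPolicyId"].lower():
        findings.append("tfp does not match SignUpSignInPolicyId")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        findings.append("token is outside its nbf/exp window")
    return findings
```

A non-empty result points at which side to change: the URL the token is requested from (in Postman) or the API's settings, so that both use the same host, audience and policy.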

0

To register your B2C .NET Core application, you first have to log in to your B2C tenant.

After successful registration, configure the following steps for the implicit grant flow.

Reply URLs

Make sure you have done this step accordingly:

Go to Settings and add the Postman callback URL: https://www.getpostman.com/oauth2/callback

Once you have entered this URL correctly, click Save at the upper left.

See the screen shot below:

enter image description here

Edit Manifest

For the implicit grant flow, click on your application manifest, search for the oauth2AllowImplicitFlow property and set it to true.

See the screenshot below:

enter image description here

Your Azure B2C settings are now done for the implicit grant flow API call.

Postman

Now fire up Postman and select the request type OAuth 2.0, like below:

enter image description here

Now click on Get New Access Token and a new popup will appear.

See the screenshot below:

Add your tenant ID to the Auth URL like this:

https://login.microsoftonline.com/YourB2CTenantId/oauth2/authorize?resource=https://graph.microsoft.com

Set your Client ID

Set the scope you want to access

enter image description here

Now click on Request Token. In response you will get your implicit grant access token:

See the screenshot:

enter image description here

Access data with this token:

Copy the token you have already obtained into the Token textbox and select Bearer Token as the token type.

See the screenshot below:

enter image description here

So the tricky part for the implicit flow is to set the manifest property oauth2AllowImplicitFlow to true.

Hope this could solve your problem. Thank you.
