azure-ad-b2c

问题 I have an Angular app that uses MSAL.js and when I try to get an access token I'm receiving the following error: AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'. 回答1: I was passing the wrong scope value; I had a typo in my tenant name: this.userAgentApplication.acquireTokenSilent('https://{tenantname_with_typo}.onmicrosoft.com/webapi/read') 来源： https://stackoverflow.com/questions/47823447/aadb2c90077-user-does-not-have-an-existing-session

问题 Is it possible to create custom policy to reset password for already known email? I create user using Graph API and send invitation email to the specified email address. I want user to click on the link in that email and just set password for his account. I can create signed token with this email claim and send as assertion to my custom policy. So policy gets email as input claim. I see it in the trace. But I am not able to bypass email verification step in the password reset journey - when I

问题 my angular app has 1000s unique routes and users should be able to click on login button from any of those pages. Have implemented msal.js basing on this sample : https://github.com/Gimly/simpleAngularAzureB2C/blob/master/src/app/authentication.service.ts I am getting following error when calling login method: AADB2C90006:+The+redirect+URI+'http://localhost:39579/unique-uri'+provided+in+the+request+is+not+registered+for+the+client+id+ Is there a way to get around this? Thanks! 回答1: By default

问题 If I use the State parameter to control the RedirectURI as described here: "Why is Redirect URL Fully Qualified in Azure AD B2C?", wouldn't I be susceptible to Open Redirect Vulnerabilities? Haven't I just moved the problem from the RedirectURI to the State parameter? 回答1: State parameter can be used to control redirection AFTER the app is launched again. The token will only go one place (as specified by the redirect URL). After that, the app is securely in control of the token, and can look

问题 I’m using Swagger to make API calls, for authentication I’m able to generate Bearer token but after that I' m getting 401 in response. After checking logs, below is the error: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]' My ConfigureAuth method is as below: private static void ConfigureAuth(IAppBuilder app) { var metadataEndpoint = string.Format(

问题 Situation I have a web application that is using Azure AD B2C as its authentication. We're using OWIN OpenIdConnect to handle this process. The session timeouts are set to 15 minutes (sessionState in web.config and on our AzureADB2C signin policy) and we have SSO enabled in the policy on the policy level. The session is set to be rolling. The OWIN CookieAuthentication is also using a 15m sliding expiry. The web application is split into multiple parts (virtual folders) but are all sharing the

问题 I got Azure AD B2C up and running in my ASP.NET Core web app. But I wonder what's the best way to actually approve new users when they sign up? Is there anything built-in? Now, anyone can click on Sign-Up link and there you go, you provide your data and click a button. And you're in my tenant Azure AD B2C directory! Now, I'd like to have some control over this. Did I mention every user costs $1/month when you want to customize Azure AD UI??? (as far as I understand it, correct me if I'm wrong

问题 We are building a Xamarin Native mobile apps and using Azure AD B2C for authenticating users using their social logins. We decided use MSAL native library (Xamarin) for authenticating using B2C. And our mobile app required to manage(full access) the signed-in user profile. Since this feature isn't available in MSAL we have decided to go with ADAL for the time being. Followed the instruction provided in the link below and the sample works. But I started experimenting by deleting the API access

问题 I am currently developing an application using AD-B2C as my identity provider. This is integrated into the solution using their guidelines at AD B2C graph, which uses openid-connect (to the best of my understanding at least). I need to use a form of email activation (outside of their register policy) and as such I need to be able to pass a value from the URL in the email, through the sign-up process at B2C and back to the redirection URL. I read somewhere that a parameter called "state" can

问题 I am currently developing an application using AD-B2C as my identity provider. This is integrated into the solution using their guidelines at AD B2C graph, which uses openid-connect (to the best of my understanding at least). I need to use a form of email activation (outside of their register policy) and as such I need to be able to pass a value from the URL in the email, through the sign-up process at B2C and back to the redirection URL. I read somewhere that a parameter called "state" can