azure-ad-b2c

Almost have this working. Almost. My set up is that I have an Azure B2C Tenant set up, and some modified example code that I've changed to reflect the Tenant information. This all works fine locally, with a localhost uri. My remote set up is a Ubuntu 16.01 server, with a Nginx 1.10.0 webserver acting as a reverse proxy to a .NET Core 1.0.4 and all with a LetsEncrypt SSL cert. The proxy serves .NET projects fine, however when I hit the sign in it takes me over to the B2C login with an incorrect redirect_url. I'd expect the value to reflect what is in the settings file, "https.sub.host.suffix

Following on from JavaScript OAuth2 flow for Azure AD v2 login does not give an access_token , I'm trying to figure out the best endpoint to use, to get the logged in users details (eg, display name, email, etc.). However, I noticed in there are 2 potential endpoints I can use https://outlook.office.com/api/v2.0/me https://graph.microsoft.com/v1.0/me 1, is used in bell for hapijs and is documented in Use the Outlook REST API . However, in bell, I can't seem to figure out the scope I need to get it working for OAuth 2.0. I've tried openid , email , profile , Mail.Read (only trying this because

AD FS is configured with custom policies as a claims provider on Azure AD B2C using WS-Federation and SAML. The relying party on Azure AD B2C is using OpenID Connect. Is it possible to do front-channel single logout initiated through OpenID Connect? OpenID Connect Front-Channel Logout 1.0 - draft 02: http://openid.net/specs/openid-connect-frontchannel-1_0-ID1.html Single logout is initiated from the relying party using OpenID Connect and continued through Azure AD B2C using WS-Federation and reaching the AD FS. Thereby terminating the session in both the relying party, Azure AD B2C and AD FS.

From the Class UserAgentApplication documentation there is a reference to STS. What is STS? acquireTokenSilent: Used to get the token from cache. MSAL will return the cached token if it is not expired. Or it will send a request to the STS to obtain an access_token using a hidden iframe. To renew idToken, clientId should be passed as the only scope in the scopes array. STS stands for the Security Token Service . In the context of the standard OAuth protocol , it basically maps to the Authorization Server which issues tokens to the applications after authentication and authorization. In Azure AD

If I use the State parameter to control the RedirectURI as described here: "Why is Redirect URL Fully Qualified in Azure AD B2C?" , wouldn't I be susceptible to Open Redirect Vulnerabilities ? Haven't I just moved the problem from the RedirectURI to the State parameter? State parameter can be used to control redirection AFTER the app is launched again. The token will only go one place (as specified by the redirect URL). After that, the app is securely in control of the token, and can look at the state parameter to determine whether the user/token should be going to a different place. This is

I am trying to use Azure AD B2C to authenticate users of an Angular2 single-page app. I understand I can use the UI (either default or customized) that is associated with each Azure AD B2C policy. For a number of reasons I am not happy with the Azure AD B2C UI (or the effort required to customize it). Therefore I'd like to use my own UI within my app that would just make calls to Azure AD B2C. Is that possible? If so, how? I have looked at Azure AD B2C Custom Policies, but I an not sure if those still use the default (or customized) Azure AD B2C UI. At this time, the only way to authenticate