Question
I'm trying to integrate a custom OpenID Connect Identity Provider in Azure AD B2C using custom policies. However, after being redirected back from the IdP with an authorization code, the custom user flow fails with the following error (using MSAL.js):
login failure {"_error":"server_error","_errorDesc":"AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.\r\nCorrelation ID: 97809cc4-04e8-47a3-9263-de57260e7979\r\nTimestamp: 2019-07-18 15:47:32Z\r\n","_scopes":""}
I've enabled logging to Application Insights, but the only relevant thing I could find was:
{
  "Kind": "HandlerResult",
  "Content": {
    "Result": true,
    "RecorderRecord": {
      "Values": [
        {
          "Key": "SendErrorTechnicalProfile",
          "Value": "OAuth2ProtocolProvider"
        },
        {
          "Key": "Exception",
          "Value": {
            "Kind": "Handled",
            "HResult": "80131500",
            "Message": "We encountered an error connecting to the identity provider. Please try again later.",
            "Data": {
              "IsPolicySpecificError": false
            }
          }
        }
      ]
    },
    "Statebag": {
      "SE": {
        "c": "2019-07-18T13:46:21.1438143Z",
        "k": "SE",
        "v": "",
        "p": true
      }
    }
  }
},
Is there a way to log the actual network calls made to the IdP to see what is wrong? The IdP is not under my control, so I cannot log them there.
Answer 1:
While I didn't find a way to log more info, I was able to solve my issue by using a reverse proxy to intercept all calls to the external IdP. This revealed that B2C was using client_secret_post to fetch the access token, while the IdP only supported client_secret_basic.
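The mismatch the answer found is about how the relying party authenticates itself at the token endpoint: client_secret_post carries client_id and client_secret in the form body, client_secret_basic carries them in an HTTP Basic Authorization header (RFC 6749 section 2.3.1), and an IdP that implements only one will reject the other with invalid_client, which B2C surfaces as the opaque AADB2C90289. The following Python is an added example, not code from the original post or from Azure AD B2C: it builds both request forms, classifies a captured token request the way a reverse proxy in front of the IdP would, and uses a stand-in token endpoint that accepts only client_secret_basic to reproduce the failure. The client id, secret, endpoint URL, authorization code and redirect URI are all constructed placeholders.

```python
"""Added example (not part of the original Q&A): client_secret_post vs
client_secret_basic at an OAuth 2.0 token endpoint, and how an intercepting
proxy can tell which one a client actually used."""
import base64
from urllib.parse import parse_qs, quote, unquote, urlencode

# Constructed placeholder credentials and endpoints; not real values.
CLIENT_ID = "b2c-demo-client"
CLIENT_SECRET = "s3cr3t/with+specials"          # contains chars that need form-encoding
TOKEN_ENDPOINT = "https://idp.example.invalid/oauth2/token"   # assumed, not the IdP in the question
REDIRECT_URI = "https://b2c.example.invalid/oauth2/authresp"  # assumed B2C callback


def token_request_client_secret_post(code, redirect_uri=REDIRECT_URI):
    """Token request with the client credentials in the form body.
    This is the style the answer observed B2C sending."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })
    return {"url": TOKEN_ENDPOINT,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": body}


def token_request_client_secret_basic(code, redirect_uri=REDIRECT_URI):
    """Token request with the client credentials in an HTTP Basic header.
    RFC 6749 2.3.1: id and secret are form-urlencoded before base64."""
    creds = f"{quote(CLIENT_ID, safe='')}:{quote(CLIENT_SECRET, safe='')}"
    auth = base64.b64encode(creds.encode("ascii")).decode("ascii")
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": CLIENT_ID,   # optional alongside Basic; secret must NOT be here
    })
    return {"url": TOKEN_ENDPOINT,
            "headers": {"Content-Type": "application/x-www-form-urlencoded",
                        "Authorization": f"Basic {auth}"},
            "body": body}


def classify_client_auth(request):
    """What a reverse proxy in front of the IdP would log for a captured
    token request: the client-authentication method it used."""
    headers = {k.lower(): v for k, v in request["headers"].items()}
    form = parse_qs(request["body"])
    has_basic = headers.get("authorization", "").startswith("Basic ")
    has_secret_in_body = "client_secret" in form
    if has_basic and has_secret_in_body:
        return "mixed"            # RFC 6749 forbids using both at once
    if has_basic:
        return "client_secret_basic"
    if has_secret_in_body:
        return "client_secret_post"
    return "none"


def strict_basic_only_idp(request):
    """Stand-in for the token endpoint of an IdP that supports only
    client_secret_basic (the situation in the answer). Returns (status, body)."""
    method = classify_client_auth(request)
    if method != "client_secret_basic":
        # RFC 6749 5.2: client authentication failed or unsupported -> invalid_client
        return 401, {"error": "invalid_client",
                     "error_description": f"unsupported client authentication: {method}"}
    headers = {k.lower(): v for k, v in request["headers"].items()}
    encoded = headers["authorization"].split(" ", 1)[1]
    cid, secret = base64.b64decode(encoded).decode("ascii").split(":", 1)
    if (unquote(cid), unquote(secret)) != (CLIENT_ID, CLIENT_SECRET):
        return 401, {"error": "invalid_client"}
    return 200, {"access_token": "demo-token", "token_type": "Bearer"}


if __name__ == "__main__":
    for build in (token_request_client_secret_post, token_request_client_secret_basic):
        req = build("demo-auth-code")
        status, body = strict_basic_only_idp(req)
        print(f"{build.__name__}: proxy sees {classify_client_auth(req)}, IdP answers {status} {body}")
```

Running the block shows the post-style request being refused with invalid_client while the basic-style one succeeds, which is exactly the discrepancy that only became visible once the traffic was proxied. In an Azure AD B2C OpenIdConnect technical profile the method sent to the token endpoint is selected with the `token_endpoint_auth_method` metadata item, whose default is client_secret_post, so the fix is to set it to client_secret_basic for an IdP like the one in the answer.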
Source: https://stackoverflow.com/questions/57109533/logging-calls-to-identity-provider-with-custom-policies-in-azure-ad-b2c