Reputation: 2465
I am trying to set the redirect_uri in Azure B2C. I have a language field in the Url like this:
https://mydomain/de-de/projects
https://mydomain/en-us/projects
https://mydomain/sv-se/projects
https://mydomain/ar-sa/projects
...
and to be correctly redirected, I have to add all the possibilities to the B2C Reply URLs and I am only limited to 20 max.
Is there a way to add variables to the redirect_uri? Something like:
where ":lang" is a variable the could take any value.
////////////////////////////////////
Solution
The tricky solution was to manipulate the state and inject the returned URL into it, due to the fact that it will be sent back after the login/signup response. createLoginUrl() method:
let url = that.loginUrl
    + '?response_type='
    + response_type
    + '&client_id='
    + encodeURIComponent(that.clientId)
    + '&state='
    + encodeURIComponent((state) + 'url' + returnedUrl)
    + '&redirect_uri='
    + encodeURIComponent(window.location.origin)
    + '&scope='
    + encodeURIComponent(that.scope);
so here I separate the state with the word 'url' so I can read it again after the response comes.
encodeURIComponent((state) + 'url' + returnedUrl)
An important detail: the redirect_uri should be the same origin:
'&redirect_uri=' + encodeURIComponent(window.location.origin)
and this URL should be added to the returned URLs in the Azure B2C application.
Now I can split it again in the tryLogin() method:
const statePartsWithUrl = (parts['state'] + '').split('url');
window.location.href = statePartsWithUrl[1];
and it works perfectly.
////-------------------------------------
Edit: 1.2.2019
// split the state value that B2C sent back into the original state and the returned URL
const statePartsWithUrl = (parts['state'] + '').split('url');
let state = '';
let returnedUrl = '';
if (statePartsWithUrl != null) {
    state = statePartsWithUrl[0];
    returnedUrl = statePartsWithUrl[1];
}
Here is the splitting of the state to read the information from it in the tryLogin(options) method.
Upvotes: 4
Views: 1430
Reputation: 58743
Yeah so as you found out, you can't currently add wildcards to reply URLs in B2C.
This may be due to security concerns defined in the OAuth 2.0 Threat Model and Security Considerations RFC. In it, the suggested counter-measure against Open Redirect Attacks is to have the client register the full redirect URI.
There is also no way to create apps programmatically: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19975480-programmatically-register-b2c-applications.
So sadly the manual way is the only way at the moment. But be sure to go upvote the feature request on User Voice.
I actually even tried to manually edit an app via Graph Explorer:
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "Updates to converged applications are not allowed in this version."
    },
    "date": "2018-01-08T12:00:00",
    "requestId": "208e7159-d459-42ec-8bb7-000000000000",
    "values": null
  }
}
As you suggested in the comments, one way to work around this problem would be to use a single static redirect URI and keep the language/culture in the state/a cookie, and then do the redirect to the language-specific version after the user is returned to the app.
Upvotes: 3