DataGeek

Reputation: 490

Azure AD B2C (NodeJS): Unauthorized 401 error for a request with a valid token

I'm using Azure AD B2C for authentication for my NodeJS API. However, I keep receiving a 401 Unauthorized error by Azure AD B2C. When I add ignoreExpiration: true to my AAD auth options, I do not get a 401 Unauthorized error and my API works fine. However, once I remove the ignoreExpiration, I get the 401 Unauthorized error.

I even generated a new token, verified that it is valid (and not expired) by decoding the token using https://jwt.io/. I even made sure it has the correct scope.

The API is running on my machine for now as I'm testing it using POSTMAN. Can someone please help? Here is what my AAD options look like:

var aad_auth_options = {
    identityMetadata: process.env.AADMetadataEndpoint,
    clientID: process.env.ClientId,
    audience: process.env.AADAudience,
    isB2C: true,
    validateIssuer: false,
    loggingLevel: 'info',
    passReqToCallback: false,
    policyName: process.env.PolicyName,
    // ignoreExpiration: true, // When uncommented, the authentication works as expected!
    loggingNoPII: false
};

Upvotes: 0

Views: 1153

Answers (1)

Mohit Verma

Reputation: 5294

I have tried with the below options, and it worked for me.

var options = {
    identityMetadata: "https://login.microsoftonline.com/" + tenantID + "/v2.0/.well-known/openid-configuration/",
    clientID: clientID,
    policyName: policyName,
    isB2C: true,
    validateIssuer: true,
    loggingLevel: 'info',
    passReqToCallback: false
};

You can pass the audience too. The repository I used for testing is mentioned below:

https://github.com/Azure-Samples/active-directory-b2c-javascript-nodejs-webapi/blob/master/index.js

Note: I have used an AD B2C user flow instead of custom policies.

Can you please try and see if it works?

Hope it helps.

Upvotes: 2
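Since the 401 in the question goes away only when `ignoreExpiration` is set, the failing check is one of the token's time claims as evaluated against the API host's clock. The following is an added diagnostic example, not code from either poster or from the library: it decodes a token's `exp`/`nbf`/`iat` without verifying the signature and evaluates them against a supplied clock. The function names, the constructed sample token and the 300-second tolerance are assumptions made for illustration.

```javascript
// Decode a JWT payload WITHOUT verifying the signature (diagnostics only;
// never base an authorization decision on this output).
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Compare exp/nbf/iat (seconds since epoch, RFC 7519) with a supplied clock.
// skewSec is the tolerance applied in the token's favour.
function checkTimeClaims(payload, nowSec, skewSec = 0) {
  const findings = [];
  if (typeof payload.exp !== 'number') {
    findings.push('exp missing or not numeric');
  } else if (nowSec - skewSec >= payload.exp) {
    findings.push(`expired ${nowSec - payload.exp}s ago`);
  }
  if (typeof payload.nbf === 'number' && nowSec + skewSec < payload.nbf) {
    findings.push(`not valid for another ${payload.nbf - nowSec}s`);
  }
  if (typeof payload.iat === 'number' && payload.iat > nowSec + skewSec) {
    findings.push(`issued ${payload.iat - nowSec}s in the future`);
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample token (dummy signature, not a real B2C token).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.ZHVtbXk`;
}

const ISSUED = 1700000000; // constructed issue time
const SAMPLE = makeSampleToken({ iat: ISSUED, nbf: ISSUED, exp: ISSUED + 3600 });
const CLOCKS = { accurate: ISSUED + 60, twoHoursFast: ISSUED + 7260, tenMinSlow: ISSUED - 600 };

// Same token, three host clocks; 300 s tolerance is an assumed value.
function runScenarios() {
  const out = {};
  for (const [label, now] of Object.entries(CLOCKS)) {
    out[label] = checkTimeClaims(decodePayload(SAMPLE), now, 300);
  }
  return out;
}

console.log(JSON.stringify(runScenarios(), null, 2));
// For a live check, pass Math.floor(Date.now() / 1000) on the API host.
```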
