Lee Simpson

Reputation: 309

azure b2c - an exception has occurred

I am trying to set up resource owner password credentials flow in Azure AD B2C using https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc

I followed the instructions on the page closely. When I try and log in using Postman, I get the error "AADB2C: An exception has occurred." There seems to be no way of seeing the details of the error, and the standard Azure audit logs are empty.

How do you find the details of these errors?

I have seen that you can configure Application Insights, but that requires a custom profile (which may be my only option).

Edit - I got it to work, turns out I had the wrong flow policy selected - so if you get this please make sure to triple check it! I would still consider this a bug or poor user experience though as there should be a way to actually debug the error yourself without having to contact Microsoft.

Upvotes: 3

Views: 10931

Answers (2)

Leniel Maccaferri

Reputation: 102398

Read some awesome documentation about Azure AD B2C here. Then make sure you download Gaining Expertise with Azure AD B2C.

Check this section: Test and Debug a Custom Policy by Using Application Insights.

I'll paste the content here just in case:

You can use the detailed log information provided by Application Insights to investigate any issues that might occur with a custom policy. Use the following steps to configure IEF to send events directly to Application Insights.

  1. Using Visual Studio, open the SignUpOrSignIn.xml file.
  2. Add the following attributes to the <TrustFrameworkPolicy> element.
    DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
  3. Under the <RelyingParty> element, add the following <UserJourneyBehaviors> node immediately after the <DefaultUserJourney ReferenceId="SignUpOrSignIn" /> element. Replace the bold text with your Application Insights key.
    <UserJourneyBehaviors>
        <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="Your Application Insight Instrumentation Key" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
    </UserJourneyBehaviors>

Note the following points:

  • DeveloperMode=true is good for development but constrained at high volumes because it tells Application Insights to expedite the telemetry through the processing pipeline.
  • ClientEnabled="true" will send client-side scripts to Application Insights, for tracking page view and client-side errors
  • ServerEnabled="true" will send the existing UserJourneyRecorder JSON as a custom event to Application Insights

...

  1. Save the file.
  2. Return to the Azure Portal and switch to your B2C tenant. Open the Azure AD B2C Blade and select Identity Experience Framework.
  3. Select Upload policy and upload the SignUpOrSignIn.xml policy file. Select overwrite the policy if it exists.

Check the logs in Application Insights

  1. Select the B2C_1A_signup_signin policy.
  2. Select Run now.
  3. Attempt to sign in as:
  1. In the Azure portal, switch back to your Azure tenant, and open the DemoInsightsForCustomPolicies Application Insights resource.
  2. In the Details/Overview menu, select Analytics.
  3. Open a new tab inside the Application Insights web application.
  4. Use any of the following example queries to view log information.
  • traces: See all of the logs generated by Azure AD B2C
  • traces | where timestamp > ago(1d): See all of the logs generated by Azure AD B2C for the last day
  • traces | count: See how many events have been generated
  • traces | render piechart: Summarize the data as a pie chart

Note that you might have to wait for a few minutes before logs start appearing in Application Insights.

If necessary, you can download the query results and export them to CSV files if you need to perform a detailed analysis.

You can learn more about performing analytics with Application Insights here.

#######

Following these steps I was able to see the real exception message returned by B2C when executing a custom Password Reset policy. See below:

enter image description here

Upvotes: 5
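As an added example (not part of the answer above or of the guide it quotes), the Python below checks a policy file against the logging settings from those steps before it is uploaded. The sample policy, the zeroed instrumentation key and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

RECORDER = "urn:journeyrecorder:applicationinsights"
PLACEHOLDER_KEY = "Your Application Insight Instrumentation Key"
# Constructed sample: a relying-party policy trimmed to the parts the steps touch.
SAMPLE_POLICY = """\
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicyId="B2C_1A_signup_signin" DeploymentMode="Development"
    UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <UserJourneyBehaviors>
      <JourneyInsights TelemetryEngine="ApplicationInsights" TelemetryVersion="1.0.0"
        InstrumentationKey="00000000-0000-0000-0000-000000000000"
        DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" />
    </UserJourneyBehaviors>
  </RelyingParty>
</TrustFrameworkPolicy>"""


def local(elem):
    return elem.tag.rsplit("}", 1)[-1]  # element name without its namespace


def check_journey_logging(policy_xml):
    """List where a policy deviates from the logging setup in the quoted steps."""
    root = ET.fromstring(policy_xml)
    problems = []
    if root.get("DeploymentMode") != "Development":
        problems.append("DeploymentMode is not Development")
    if root.get("UserJourneyRecorderEndpoint") != RECORDER:
        problems.append("UserJourneyRecorderEndpoint is missing or wrong")
    rp = next((e for e in root if local(e) == "RelyingParty"), None)
    names = [local(e) for e in rp] if rp is not None else []
    if "UserJourneyBehaviours" in names:
        problems.append("element is spelled UserJourneyBehaviors, not ...Behaviours")
    if "UserJourneyBehaviors" not in names:
        return problems + ["no UserJourneyBehaviors under RelyingParty"]
    pos = names.index("UserJourneyBehaviors")
    if "DefaultUserJourney" not in names[:pos]:
        problems.append("UserJourneyBehaviors is not placed after DefaultUserJourney")
    insights = next((e for e in rp[pos] if local(e) == "JourneyInsights"), None)
    if insights is None:
        return problems + ["no JourneyInsights element"]
    if insights.get("InstrumentationKey") in (None, "", PLACEHOLDER_KEY):
        problems.append("InstrumentationKey is missing or still the placeholder")
    if insights.get("ServerEnabled") != "true":
        problems.append("ServerEnabled is not true, so no journey events are sent")
    return problems
```

An empty list means the file matches the quoted configuration; each string otherwise names one setting to correct before uploading.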

SunnySun

Reputation: 1935

I tried this, and it worked well. The following is what I tried in Postman:

enter image description here

Upvotes: 2
