Reputation: 31
I just followed the tutorial on the page, created a certificate and exposed it to the Azure portal. I also uploaded the policy files and modified them with my tenant. I'm running the application on my localhost, but when I want to browse to that link, I get the following error in jwt.ms:
AADB2C90232: The provided id_token_hint parameter does not contain an accepted issuer. Please provide another token and try again. Correlation ID: 1f9cd754-7033-40ea-91a2-b2f91b867fb9 Timestamp: 2020-06-29 13:05:18Z
I saw that the issuer in the token is related to localhost:
{
"alg": "RS256",
"kid": "1D8082E33223E5EA5094B62B4BB5B3944779D3AD",
"x5t": "HYCC4zIj5epQlLYrS7WzlEd5060",
"typ": "JWT"
}.{
"name": "Western Miller",
"email": "[email protected]",
"nbf": 1593436327,
"exp": 1594041127,
"iss": "https://localhost:44351/",
"aud": "ba6d05ab-ec87-4d04-b83f-dc62ebb727d8"
}.[Signature]
Does anyone know what I need to put in the iss so that it works when just running locally?
Upvotes: 3
Views: 3159
Reputation: 19
Jas Suri's answer is correct. I'd like to add though that when you make the change in the policy and upload it and run the workflow, you may still see the error. For some reason I was experiencing a frustrating amount of what seems like caching, and it took several tries for my change to "take".
Upvotes: 0
Reputation: 11315
This occurs when the id_token_hint you generate in your web service contains an issuer claim (iss) that is not accepted by the id token hint technical profile.
See in the XML below that the issuer item must contain a string that exactly matches the iss claim in your generated id_token_hint.
<TechnicalProfiles>
  <TechnicalProfile Id="IdTokenHint_ExtractClaims">
    <DisplayName>My ID Token Hint TechnicalProfile</DisplayName>
    <Protocol Name="None" />
    <Metadata>
      <!-- Sample action required: replace with your endpoint location -->
      <Item Key="METADATA">https://your-app.azurewebsites.net/.well-known/openid-configuration</Item>
      <Item Key="IdTokenAudience">your_optional_audience_override</Item>
      <!-- Must match the iss claim of the id_token_hint character for character -->
      <Item Key="issuer">your_optional_token_issuer_override</Item>
    </Metadata>
  </TechnicalProfile>
</TechnicalProfiles>
You should put https://localhost:44351/ in the issuer metadata item.
Upvotes: 3
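As an added example (not part of the question or the answer), a small Python check that pulls the issuer item out of the IdTokenHint_ExtractClaims technical profile and compares it, as an exact string, with the iss claim of an id_token_hint. The policy snippet and the unsigned test token below are constructed here; the token carries the claims shown in the question and is only for checking claim values locally, since B2C does the signature verification.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Constructed sample: the relevant slice of a B2C TrustFrameworkExtensions policy.
# The issuer item here lacks the trailing slash the question's token has.
POLICY_XML = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="IdTokenHint_ExtractClaims">
      <Metadata>
        <Item Key="METADATA">https://localhost:44351/.well-known/openid-configuration</Item>
        <Item Key="IdTokenAudience">ba6d05ab-ec87-4d04-b83f-dc62ebb727d8</Item>
        <Item Key="issuer">https://localhost:44351</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

# Same policy with the issuer corrected to the exact iss value of the token.
FIXED_POLICY_XML = POLICY_XML.replace(">https://localhost:44351<", ">https://localhost:44351/<")

def _local(tag):
    # Strip the namespace from a tag like "{http://...}Item" down to "Item".
    return tag.rsplit("}", 1)[-1]

def policy_issuer(policy_xml, profile_id="IdTokenHint_ExtractClaims"):
    """Return the <Item Key="issuer"> text of the named technical profile, or None."""
    root = ET.fromstring(policy_xml)
    for tp in root.iter():
        if _local(tp.tag) == "TechnicalProfile" and tp.get("Id") == profile_id:
            for item in tp.iter():
                if _local(item.tag) == "Item" and item.get("Key") == "issuer":
                    return (item.text or "").strip()
    return None

def jwt_claims(token):
    """Decode the payload of a compact JWS; no signature check, claim values only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def make_unsigned_token(claims):
    """Test-only token with a dummy signature, for exercising the claim check."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.dummysig"

def issuer_matches(token, policy_xml):
    """Exact comparison: 'https://localhost:44351' != 'https://localhost:44351/'."""
    accepted = policy_issuer(policy_xml)
    return accepted is not None and jwt_claims(token).get("iss") == accepted

SAMPLE_TOKEN = make_unsigned_token({"name": "Western Miller", "iss": "https://localhost:44351/",
                                    "aud": "ba6d05ab-ec87-4d04-b83f-dc62ebb727d8"})
```

Running the check against your real TrustFrameworkExtensions file and a token captured from your app reproduces the AADB2C90232 condition locally before you upload a policy.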