Reputation: 21
I am trying to configure Azure B2C, so that users can sign up/in through an OpenID connect provider. I am using custom policies. I have the client id and the client secret, they are valid, I tested them using Postman, and I am getting the access token when using Postman.
However, when I try to sign in through B2C (using the OpenID Connect provider), I always get the following error:
An exception was caught when making a request to URL "{token endpoint}" using method "POST". The exception status code was "Unauthorized".
I found out that the identity provider needs basic access authentication when calling the token endpoint. So when B2C is making a request to the token endpoint, it needs to have a request header in the following format:
Authorization: Basic {base64 encoding of client_id:client_secret}
Is it possible somehow to have B2C use basic auth, so that it adds the Authorization header when making a request to the token endpoint URL?
Update:
I have a B2C tenant, and I added an OpenID Connect provider as a claims provider using custom policies. I would like to create an account in the directory using the OpenID Connect provider, such as the Facebook one. I want to make it possible to sign up/in to my application using the account coming through this provider. The problem is that the OpenID Connect provider needs HTTP basic auth when asked for a token during the sign-up procedure. Running this protocol manually using Postman works fine.
Do I need to manually implement the flow of the auth code grant between B2C and the third-party IDP using REST type technical profiles?
Upvotes: 2
Views: 2685
Reputation: 11
Specify client_secret_basic in the metadata for your OpenIdConnect Identity Provider in Custom Policy. This is essentially basic authentication:
<Item Key="DiscoverMetadataByTokenIssuer">false</Item>
<Item Key="token_endpoint_auth_method">client_secret_basic</Item>
https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect-technical-profile
Upvotes: 1
Reputation: 2102
Azure AD B2C sends an HTTP request with the client credentials in the Authorization header. The credentials are formatted as the base64-encoded string "name:password".
To get HTTP Basic Authentication working, you need to follow the documents below
Upvotes: 0
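The two token endpoint authentication methods discussed in the answers above, as an added example that is not part of any post and is not Azure AD B2C's own code: it builds the same authorization-code token request once with client_secret_basic and once with client_secret_post, so the request can be compared with what the identity provider accepts. The function names, client id, secret, code and redirect URI are constructed for illustration, and the encoding follows RFC 6749 section 2.3.1 (form-encode the id and secret before joining them with a colon).

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode


def form_encode(value: str) -> str:
    # RFC 6749 2.3.1: id and secret are form-urlencoded before base64,
    # so a ':' or '+' inside the secret cannot corrupt the "id:secret" pair.
    return quote_plus(value)


def basic_auth_header(client_id: str, client_secret: str) -> str:
    pair = f"{form_encode(client_id)}:{form_encode(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization_code token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # Credentials travel only in the Authorization header.
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    elif method == "client_secret_post":
        # Credentials travel only in the form body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported token_endpoint_auth_method: {method}")
    return headers, urlencode(form)


def parse_basic_header(header: str):
    """Decode a Basic header back to (client_id, client_secret) for checking."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    cid, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(cid), unquote_plus(secret)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for m in ("client_secret_basic", "client_secret_post"):
        print(m, build_token_request(m, "demo-client", "s3cr3t:+/ value",
                                     "demo-code", "https://app.example/cb"))
```

A secret containing characters such as `:`, `+` or a space encodes differently depending on whether the sender form-encodes it first, so compare the decoded header against the provider's expectation when a 401 persists after switching methods.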