Reputation: 35
I'm implementing SSO via an ADB2C custom policy doing an OAuth2 flow. I get the auth code, but when I go to get the access token, I get "An invalid OAuth Response was received" with a null value from ClaimsExchangeMessageValidationHandler. I've been able to replicate this flow with curl, and I've also pointed the access token endpoint to a proxy server to look at what is being sent and all looks good. I'm thinking this is just a configuration issue regarding the access token. My access token is returned in JSON format.
My TrustFrameworkExtensions.xml includes the following:
<ClaimsSchema>
  <ClaimType Id="identityProviderAccessToken">
    <DisplayName>Identity Provider Access Token</DisplayName>
    <DataType>string</DataType>
    <AdminHelpText>Stores the access token of the identity provider.</AdminHelpText>
  </ClaimType>
</ClaimsSchema>
...
<ClaimsProvider>
  <DisplayName>NeonCRM</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="NeonCRM-OAuth2">
      <DisplayName>NeonCRM</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="client_id">xxxx</Item>
        <Item Key="ProviderName">NeonCRM</Item>
        <Item Key="authorization_endpoint">.../oauth/auth</Item>
        <Item Key="AccessTokenEndpoint">.../oauth/token</Item>
        <Item Key="token_endpoint_auth_method">client_secret_post</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="AccessTokenResponseFormat">json</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_NeonSandboxClientSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
I appreciate any assistance. TIA. John
Upvotes: 0
Views: 225
Reputation: 35
The problem was indeed that the claims endpoint did not exist. I created a proxy for it to call and defaulted values and it's now working.
Upvotes: 0
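Added example, not part of the original posts: the profile as posted has no `ClaimsEndpoint` item, and the answer traces the error to the claims endpoint, so a pre-upload lint over the policy XML can flag OAuth2 technical profiles that lack it. The set of required keys, the function names and the `idp.example` URLs are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

# Assumption: keys an OAuth2 technical profile needs for the flow on this page
# (authorize, token exchange, then the claims call the answer found missing).
REQUIRED_KEYS = ("client_id", "authorization_endpoint",
                 "AccessTokenEndpoint", "ClaimsEndpoint")

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def missing_oauth2_metadata(policy_xml):
    """Return {TechnicalProfile Id: [missing or empty keys]} for OAuth2 profiles."""
    findings = {}
    root = ET.fromstring(policy_xml)
    for tp in root.iter():
        if local(tp.tag) != "TechnicalProfile":
            continue
        protocol = next((c for c in tp if local(c.tag) == "Protocol"), None)
        if protocol is None or protocol.get("Name") != "OAuth2":
            continue  # other protocols have different metadata requirements
        present = {
            item.get("Key")
            for meta in tp if local(meta.tag) == "Metadata"
            for item in meta if local(item.tag) == "Item"
            and (item.text or "").strip()  # an empty Item counts as missing
        }
        missing = [k for k in REQUIRED_KEYS if k not in present]
        if missing:
            findings[tp.get("Id")] = missing
    return findings

# Constructed sample: the profile from the question, trimmed, with placeholder URLs.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="NeonCRM-OAuth2">
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="client_id">xxxx</Item>
        <Item Key="authorization_endpoint">https://idp.example/oauth/auth</Item>
        <Item Key="AccessTokenEndpoint">https://idp.example/oauth/token</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

if __name__ == "__main__":
    print(missing_oauth2_metadata(SAMPLE))
```

The lint only confirms that the key is present and non-empty; whether the URL actually answers with claims still has to be checked against the identity provider.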