I try to connect my azure B2C to Facebook login. I read this
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-fb-app
But I still receive this error when Azure transfer me to Facebook:
Blocked URL: This redirection failed because the redirection URI is not allowed in the OAuth client settings of the application. Make sure OAuth client and web credentials are enabled and add all domains in your app as valid OAuth Redirect URLs.
I try to add several URI under Facebook -> Product -> Login -> Settings -> Valid OAuth Redirect URIs. I try this:
https://b2ctenant.b2clogin.com/b2ctenant.onmicrosoft.com/oauth2/authresp
https://login.microsoftonline.com/b2ctenant.onmicrosoft.com/oauth2/authresp
https://sitename.azurewebsites.net/.auth/login/facebook/calklback
https://sitename.azurewebsite.net
I am out of idea...
You can use the following domains with Azure AD B2C:
your-tenant-name.b2clogin.com (recommended)
login.microsoftonline.com
If you're using the your-tenant-name.b2clogin.com domain with Azure AD B2C, then the redirection URL that is registered for Azure AD B2C in Facebook must be set to:
https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp
If you're using the login.microsoftonline.com domain with Azure AD B2C, then the redirection URL that is registered for Azure AD B2C in Facebook must be set to:
https://login.microsoftonline.com/te/your-tenant-name.onmicrosoft.com/oauth2/authresp
(Note the /te path in the redirection URL.)
Related
I am integrating AD B2C as Identity provider for the FreshWorks by configuring SSO with OIDC in the Freshworks.
Configuration done in the Azure AD B2C:
Registered an application in the AD B2C Tenant
a. Get the redirect URL from Freshworks SSO with OIDC and added in the Redirect URI in the registered application
b. Id Tokens and Access Tokens check box is selected.
c. Enabled the public client.
d. Generate the client secret for the application
Added Microsoft as external IdP in the AD B2C tenant. Only one external IdP is enabled, local account is not enabled.
Created a SignupSign User flow
Tested the User flow, able to signup and sign-in using Microsoft Account (personal account). JWT token is generated with the claims sub, email, name.
Configuration done in the SSO with OIDC:
Get the ClientId and Client Secret of the Application registered in the AD B2C tenant and added in the SSO with OIDC configuration dialog
Navigate to AD B2C signup sign-in user flow OIDC configuration url and get the authorization_endpoint and token_endpoint, added those two in the SSO with OIDC configuration dialog
set the scopes as openid,email,profile
After doing all the above configurations, a new button is added in the freshworks login page. I have clicked that button, it navigates to the microsoft login page, after providing credentials and accepted the consent, it shows a form with profile information.
On clicking the continue button an account is created in the AD and redirected to the Freshwork page. It shows the below error in the freshworks login page.
The authorization code request is working, AD B2C post the authorization code to the freshwork redirect url. I hope the issue is with the get access token endpoint URL. I have tried the Get access token endpoint from the postman using the authorization code received from the first request, it gives the access token.
The postman screenshot mentioned is showing the IDToken and your freshworks application expect access token. Could you please validate the user flow with access token settings and also use the postman tool to get the access token. Please follow the below document for more requests.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
I am configuring Azure B2C with Tableau using SAML protocol. How do I expose the password reset user journey? I can't do it from the portal and the policy URL doesn't load in the browser either.
When using a SAML SaaS app where the forgot password error cannot be handled, you can use this sample which embeds the password reset steps into the sign in journey.
https://github.com/azure-ad-b2c/samples/tree/master/policies/embedded-password-reset
We have an application that uses MSAL.js to authenticate customers to their Azure Active Directories via Active Directory B2C. In the future we will introduce other IDPs in the mix and connect them to the B2C as well. B2C is configured via custom policies. SSO session scope is currently set to Tenant.
The issue is that when user logs out of the application (and we call MSAL.js logout) I can see their ID and Access tokens are gone from the browser Local Storage, but they are are still logged in to their Azure AD because of other apps using it. So next time they login to the app B2C will not prompt them for credentials and automatically sign them in as long as they have AAD session active. I understand this is by design for B2C to support SSO, and we want SSO. However is there a way for a new user with different credentials to login fresh after the previous user logs out in the same browser session?
Set the prompt param to login. EG:
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize? prompt=login
Or using MSAL.js:
var request = {
prompt: 'login',
}
userAgentApplication.loginRedirect(request);
I am using cordova-plugin-ms-adal-b2c-patch- cordova plugin with Azure b2c
I created a facebook developer account with the relevant definitions from here
The domain is : https://login.microsoftonline.com
The redirect URI is : https://login.microsoftonline.com/te/{{My tenent}}/oauth2/authresp
On the first login it worked from the second it stopped working with the following error:
Authorization code not exchanged for token
I am trying to integrate my client application with ServiceNow using OAuth 2.0 authentication. In servicenow documentation for REST apis i have seen that we have to register our client with servicenow to get clientid and clientsecret for OAuth 2.0 resource owner password authentication. In the document to register the application we have to navigate to System OAuth > Application Registry in servicenow, but in my servicenow instance System OAuth > Application Registry is not present. How should i proceed to get the clientid and clientsecret
It sounds like the OAuth 2.0 plugin may not be active on your instance.
Got to: https://YOURINSTANCE/v_plugin_list.do?sysparm_query=GOTOname%3E%3Doauth and make sure it is Active
Also in your System Properties, make sure that OAuth is turned on.
This URL: sys_properties_list.do?sysparm_query=GOTOname%3E%3Dcom.snc.platform.security.oauth.is.active
Also check out the wiki for any further clarification:
Good luck!
Steps to create and app and get client id/client secret.
Log into ServiceNow. Make sure you have an admin user login.
You need to navigate to System OAuth > Application Registry. Click New.
Easiest way is to search for "Application Registry"to register an OAuth client application in ServiceNow interceptor page, click Create an OAuth API endpoint for external clients. Fill out the fields, as appropriate.
Step 1
Step 2
Name - e.g. MyApp
If you leave the "Client Secret" as blank that will be the admin password by default (I won't recommend this)
Step 3
Additional Info:
Note that the refresh token expires in 100 days (8,640,000 seconds).
You can update the “Refresh Token Lifespan” to “2,147,483,647” (maximum value allowed by ServiceNow) to have a longer expiry for refreshtoken.
More Details - http://wiki.servicenow.com/index.php?title=OAuth_Setup#gsc.tab=0
• Click Submit.
Make sure tables you access via the api are allowed for web service access. Go to System Definition > Tables and locate your table (e.g. “sys-user”). Make sure “Allow access to this table via web services” checkbox is ticked. By default this is enabled.
Provide your Servicenow admin account username and password with the ClientId and ClientSecret to authorise your app to connect to ServiceNow.