Adventures in AAD B2C: Part 2

So after getting everything working by the book, I decided to break everything and see how much trouble I could get into by doing it from memory. Well trouble ahoy!

After working through all the issues that I ran into, I decided to break down everything that needs to be created and how it all works. The diagram below should help illustrate this. It’s important to understand how this works; otherwise, troubleshooting can be very frustrating.

Issue #1: Missing Redirect in AAD B2C App Registration

I ran into this weird issue after I deleted my original app registration to “start over”.

This was easily solved by adding my Redirect URI back in like this:
Select “add a platform”

Select “Mobile and Desktop applications”

Select the native client URI

This is what your configuration will look like now:

Issue #2: No AAD [Non-B2C] App Registration

Well, I no longer see the previous error, but now we have a new one:

It’s not super helpful, but it seemed somehow related to my B2C app. I thought it might be due to this flag not being set:

But even after enabling “public client flows” I still received that error.

When I looked at the manifest for my app registration, I noticed that implicit flow was disabled.

I thought this was strange, so I tried downloading the manifest, manually setting the implicit flow flags to true, and re-uploading it. This did not work, so I reverted. It turns out it was not related to my B2C app at all: I need to have an AAD app registration in my AAD tenant. So I had to switch directories, go back to my actual AAD tenant, and create a new app registration there. Seems I missed this documentation.

Issue #3: Incorrectly configured AAD App Registration

After I set up the AAD app registration again and re-configured the Microsoft Accounts IdP, it worked. Kind of. I was able to log in, but I could not get a bearer token, so the authentication didn’t work all the way. Which, I guess, is kind of important.

AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.

Some internet strangers seemed to think it was 99% likely that my client secret was incorrect within my AAD application. But it turns out I had accidentally set up the AAD application with “Mobile and Desktop platforms” when it needed to be web-based authentication.
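Since the root cause here was a platform mismatch that the error message never names, a quick check over the downloaded manifest catches it before you start rotating secrets. This is an added example, not code from the original post; it assumes the portal's manifest format with the replyUrlsWithType and allowPublicClient fields, and the B2C callback URL uses a placeholder tenant name.

```python
import json
from typing import List

# Constructed manifests (not real tenant data) in the portal's downloadable
# manifest format. The first reproduces the Issue #3 mistake: the AAD app that
# B2C uses as its Microsoft Accounts IdP was registered as Mobile/Desktop.
IDP_APP_WRONG = json.dumps({
    "displayName": "constructed-msa-idp",
    "allowPublicClient": True,
    "replyUrlsWithType": [
        {"url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
         "type": "InstalledClient"}
    ],
})

# The corrected registration: a Web platform whose redirect is the B2C tenant's
# IdP callback (placeholder tenant name, substitute your own).
IDP_APP_FIXED = json.dumps({
    "displayName": "constructed-msa-idp",
    "allowPublicClient": False,
    "replyUrlsWithType": [
        {"url": "https://<your-tenant>.b2clogin.com/<your-tenant>.onmicrosoft.com/oauth2/authresp",
         "type": "Web"}
    ],
})


def audit_idp_app(manifest_json: str) -> List[str]:
    """Check an AAD app registration that B2C federates to as an identity provider.

    Returns a list of findings; an empty list means the platform configuration is
    the kind B2C's IdP federation expects (Web redirect, confidential client).
    """
    manifest = json.loads(manifest_json)
    findings = []
    reply_urls = manifest.get("replyUrlsWithType", [])
    web = [r["url"] for r in reply_urls if r.get("type") == "Web"]
    native = [r["url"] for r in reply_urls if r.get("type") == "InstalledClient"]
    if not web:
        findings.append("no Web redirect URI: B2C cannot receive the IdP callback")
    if native:
        findings.append(f"Mobile/Desktop redirect(s) {native} on an IdP app; use the Web platform")
    if manifest.get("allowPublicClient", False):
        findings.append("allowPublicClient is true, but this app authenticates to B2C with a client secret")
    return findings


if __name__ == "__main__":
    for name, manifest in (("wrong", IDP_APP_WRONG), ("fixed", IDP_APP_FIXED)):
        print(name, audit_idp_app(manifest) or ["ok"])
```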

Finally, we are back in business!

Now I’ll go delete everything and try it again. 🙂
