-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]Template IndividualAuth B2C Password reset uses default policy #467
Comments
AnalysisWhat happens, is that in context.ProtocolMessage.ResponseType = OpenIdConnectResponseType.CodeIdToken; microsoft-identity-web/src/Microsoft.Identity.Web/AzureADB2COpenIDConnectEventHandlers.cs Line 35 in e83d7bb
When the code is received, Microsoft.Identity.Web does not try to redeem it (because Startup.cs does not contain Suggestion to fix itIn: microsoft-identity-web/src/Microsoft.Identity.Web/AzureADB2COpenIDConnectEventHandlers.cs Line 35 in e83d7bb
I suggest we request @jennyf19 : raising it to P1 and assigning it to the next milestone as this also accept the Edit Profile scenario in a b2C web app that just signs-in users. |
included in 0.3.1-preview release. |
Repro:
fail: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12]
Message contains error: 'access_denied', error_description: 'AADB2C90118: The user has forgotten their password.
Correlation ID: e561adb9-d909-498c-8b1b-4da8d5174f4f
Timestamp: 2020-08-18 01:47:01Z
', error_uri: 'error_uri is null'.
fail: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[52]
Message contains error: 'invalid_grant', error_description: 'AADB2C90088: The provided grant has not been issued for this endpoint.
Actual Value : B2C_1_SUSI and Expected Value : B2C_1_reset
Correlation ID: aa3a12fd-2ca4-46f4-b9d7-648236f5a83c
Timestamp: 2020-08-18 01:48:26Z
', error_uri: 'error_uri is null', status code '400'.
fail: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[17]
Exception occurred while processing message.
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'AADB2C90088: The provided grant has not been issued for this endpoint.
Actual Value : B2C_1_SUSI and Expected Value : B2C_1_reset
Correlation ID: aa3a12fd-2ca4-46f4-b9d7-648236f5a83c
Timestamp: 2020-08-18 01:48:26Z
', error_uri: 'error_uri is null'.
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
Note that the policy is the default, and not the password reset, so we are hitting the wrong authorization server.
Workaround:
Add the token cache implementation in startup.cs:
and then in appsettings.json, include a client secret.
The text was updated successfully, but these errors were encountered: