Needs Guidance on AAD B2C User Flows such as Forgot Password for Blazor WebAssembly Stand Alone

[chrislangston]

Before you open an issue

If the issue is with an ASP.NET Core document:

• Do not open a new issue using this form.
• Open the issue with the This page button and form at the bottom of the document's page.

Using the This page button and form to open an issue:

• Adds article metadata for tracking, which indicates the article that you're commenting on.
• Automatically notifies the article's author about your issue.

If the issue is:

• A simple typo or similar correction, you can submit a PR. See the contributor guide for instructions.
• A general support question, consider asking on a support forum site.
• A site design concern, create an issue at MicrosoftDocs/Feedback.
• A problem completing a tutorial, compare your code with the completed sample.
• A duplicate of an open or closed issue, leave a comment on that issue.

Issue description

https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory-b2c?view=aspnetcore-5.0#custom-user-flows

The included documentation leaves it very unclear on what the developer must do in order to support very typical B2C flows for users (e.g. Forgot Password, Registration, Edit Profile). It only states "Create custom user flows in developer code."

The B2C User Flow for signin and signup includes a link for "Forgot Password". This will send a redirect back to the Blazor WASM application with an error property in the querystring such as you see below.

https://localhost:5001/authentication/login-callback#error=access_denied&error_description=AADB2C90118%3a+The+user+has+forgotten+their+password.%0d%0aCorrelation+ID%3a+6e6935b7-b602-4228-b658-1c3e942fcc57%0d%0aTimestamp%3a+2020-11-25+18%3a56%3a40Z%0d%0a&state={SOME STATE VALUE}

I do not see any way to intercept this callback and extract the querystring in order to properly handle this typical user behavior.

How do you intercept this callback using the RemoteAuthenticatorView component and/or the MSAL Javascript library? Can you provide guidance on how to interact with these responses using the provided Blazor Components?

This is for Standalone Blazor WebAssembly using Azure AD BC2.

Software versions

Check the .NET target framework(s) being used, and include the version number(s).

• .NET Core
• [*] .NET 5.0 or later
• .NET Framework
• .NET Standard

If using the .NET Core SDK, include dotnet --info output. If using .NET Framework without the .NET Core SDK, include info from Visual Studio's Help > About Microsoft Visual Studio dialog.

dotnet --info output or About VS info

.NET SDK (reflecting any global.json):
Version: 5.0.100
Commit: 5044b93829

Runtime Environment:
OS Name: Windows
OS Version: 10.0.19041
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\5.0.100\

Host (useful for support):
Version: 5.0.0
Commit: cf258a14b7

[guardrex]

@chrislangston ... Please use the This page feedback button and form at the bottom of the English-US topic to open issues for this repo.

As I said on #20583, we (on the docs team) can't provide this level of product support (i.e., workarounds). The product unit has to resolve dotnet/aspnetcore#27549 before we have anything to document. Consult with devs on support channels for their approaches ...

• Stack Overflow (tag: blazor)
• ASP.NET Core Slack Team
• Blazor Gitter

[guardrex]

btw - One approach that might work is if you use the Azure docs to create direct links to user flows. There's an example here that MIGHT work. This is not supported for Blazor apps and is definitely 💀 Use at your own RISK! 💀

#18600 (comment)