Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,307 questions
Callback from OAuth server results in 500 Internal Server Error when state payload is added
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 72%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Radosław Ziemniak
11
Reputation points
I have secured my Azure Function endpoint using built-in Easy Auth in Azure Portal.
Due to different tutorials and knowledge from internet + my requirements - I created App Registration in AD B2C with necessery Redirect URIs on Authentication page, I set ADD Authentication for my Azure Function etc..
I wanted to achieve flow where I am using a prepared link that redirects me to the sign-in page, and after successful login redirects me to my Azure Function endpoint.
Using prepared link https://[myAzureFunction]/.auth/login/aad?post_login_redirect_uri=[AzureFunctionEndpoint] I was able to open my B2C policy login page, register user, let him login etc and at the end redirect him to Azure Function Endpoint. But my problem occured on Reset Password user journey.
We have implemented custom policies in our B2C, and we want to use them for all applications, so in the above flow as well. But when I am trying to let the user go through the Reset Password user journey at the end I am receiving a (500) Internal Server Error.
It is like this probably because when B2C call https://[myAzureFunction]/.auth/login/aad/callback then in payload in 'State' parameter 'redir=[myAzureFunctionEndpoint]' is sent.
EasyAuth after clicking the link open page with parameters:
https://[tenant]/[domain]/oauth2/v2.0/authorize
?response_type=code+id_token
&redirect_uri=[myAzureFunction]%2f.auth%2flogin%2faad%2fcallback
&client_id=XXX
&scope=openid+profile+email
&response_mode=form_post
&p=[customPolicy]
&nonce=c639d78ac46e476188e37d9856554c7a_20220428173437
&state=redir%3Dhttps[AzureFunctionEndpoint]
But when I prepared the link in this way:
https://[tenant]/[domain]/[customPolicy]/oauth2/v2.0/authorize?
response_type=code+id_token
&redirect_uri=https[myAzureFunction]%2f.auth%2flogin%2faad%2fcallback
&client_id=XXX
&scope=openid+profile+email
&response_mode=form_post
&nonce=defaultNonce
&state=redir%3Dhttps[myAzureFunctionEndpoint]
I was able to not receive 500 Internal Server Error but always only on the first try. When I am redirected to the login page, parameters were set again in a different way and an Error occurred again.
Is there something that I can configure to resolve my problem? I believe that the above is caused by the EasyAuth implementation bug, but maybe there is some way to achieve similar functionality in another way?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 33%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
MughundhanRaveendran-MSFT 12,431 Reputation points2022-06-08T05:05:16.46+00:00 I would suggest you to open a support request with Microsoft to resolve this issue. Please let me know if you have any support plan
-
Radosław Ziemniak 11 Reputation points
2022-06-08T07:53:58.903+00:00 Support request is already created, we provide the necessary information and wait for the problem to be resolved.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 74%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Jones Prabu 1 Reputation point2022-08-31T12:32:08.87+00:00 is there any update on this issue, i am facing the exact issue. How to solve this?
-
Radosław Ziemniak 11 Reputation points
2022-08-31T14:06:18.017+00:00 We implemented Embedded reset password policy instead of having it as separate file/policy. It was solution for us.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy
You can read above article, but don't be supprised as the article itself may not be enough and you may have to figure out some things
Sign in to comment