cbley-2351 asked cbley-2351 commented

Integrate Azure AD B2C with App Service Authentication

Hi.

We have an App Service running in Azure.

A third party has created an AD B2C for us and provided us with the client id and secret and the profile URLs for signup / signin, edit profile and change password.

Now, we were trying to set up this AD B2C as an Identity Provider in the Authentication blade in the Azure portal for our App Service.

So far so good, requesting /.auth/login/aad?post_login_redirect_url=/user-info in the browser redirects to the login page, but after signing in this error is shown:
```
{"code":401,"message":"An error of type 'unauthorized_client' occurred during the login process: 'AADB2C90057: The provided application is not configured to allow the 'OAuth' Implicit flow.\r\nCorrelation ID: b17d0ae0-...\r\nTimestamp: 2021-05-27 13:05:49Z\r\n'"}
```
How can we configure that the Authentication support in Azure uses the Authorization Flow? Is there an alternative way to integrate AD B2C as an IdP for an App Service somehow?

Thanks!

azure-ad-b2c azure-app-configuration

1 Answer

amanpreetsingh-msft answered cbley-2351 commented

Hi @cbley-2351 · Thank you for reaching out.

When App Service is configured with Authentication, it uses hybrid authentication by default and requests code+Id_token, and it requires you to select the checkbox for ID tokens in the Authentication blade of the application whose client id you are using. To configure it, navigate to:

Azure Active Directory > App Registrations > Your Application > Authentication > under the Implicit grant and hybrid flows section > select the checkbox for ID tokens (used for implicit and hybrid flows).


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hi @cbley-2351 · Have you had a chance to test it out?

cbley-2351 amanpreetsingh-msft ·

Hi @amanpreetsingh-msft ,

thanks for your answer, but I cannot change any configuration for the Azure Active Directory, since this is not under our control.

I found that for v1 authentication, I could set "additionalLoginParams": ["response_type=code"] in the resource manager, but my app uses v2. Is this a regression? Should I just use the classic auth instead?

Thanks!


Hi @cbley-2351 · At this point both V1 and V2 endpoints are working, but Microsoft encourages the use of the V2 endpoint. In the case of implicit flow, the token is acquired from the Authorization endpoint (rather than the Token endpoint), which is why the checkbox for ID tokens needs to be selected. If this cannot be done, updating your application to use the Authorization_Code grant flow or ROPC flow, or moving to classic auth, are the only options.
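The thread turns on which `response_type` the login request carries: a request that asks the authorization endpoint itself for an ID token (hybrid or implicit) needs the ID tokens checkbox, while `response_type=code` alone does not. The sketch below is an added example, not code from the thread or from Microsoft; the function name and the sample authorize URLs are constructed, and it classifies a captured authorize URL by the standard OpenID Connect `response_type` rules.

```python
from urllib.parse import urlsplit, parse_qs

# response_type members that make the authorization endpoint itself return a token
FRONT_CHANNEL_TOKENS = {"id_token", "token"}

# Constructed sample URLs (placeholder tenant, policy, client id and host).
BASE = ("https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signupsignin"
        "/oauth2/v2.0/authorize?client_id=00000000-0000-0000-0000-000000000000"
        "&scope=openid+profile"
        "&redirect_uri=https%3A%2F%2Fexample.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback")
HYBRID_URL = BASE + "&response_type=code+id_token&response_mode=form_post"
CODE_URL = BASE + "&response_type=code"
IMPLICIT_URL = BASE + "&response_type=id_token%20token&response_mode=fragment"


def classify_authorize_request(url):
    """Report which OAuth 2.0 / OpenID Connect flow an authorize URL requests."""
    query = parse_qs(urlsplit(url).query)  # decodes both '+' and %20 to a space
    values = query.get("response_type", [])
    if len(values) != 1:
        raise ValueError("expected exactly one response_type parameter")
    types = set(values[0].split())  # response_type values are case-sensitive
    if not types or types - FRONT_CHANNEL_TOKENS - {"code"}:
        raise ValueError(f"unsupported response_type: {values[0]!r}")
    front_channel = sorted(types & FRONT_CHANNEL_TOKENS)
    if "code" not in types:
        flow = "implicit"
    elif front_channel:
        flow = "hybrid"
    else:
        flow = "authorization_code"
    return {
        "flow": flow,
        # Tokens the authorization endpoint must issue directly
        "tokens_from_authorization_endpoint": front_channel,
        # True when the app registration must allow implicit/hybrid issuance
        "needs_implicit_grant_setting": bool(front_channel),
        "response_mode": query.get("response_mode", ["(default)"])[0],
    }


if __name__ == "__main__":
    for sample in (HYBRID_URL, CODE_URL, IMPLICIT_URL):
        print(classify_authorize_request(sample))
```

To use it on a real deployment, copy the authorize URL from the browser's network trace of the `/.auth/login/aad` redirect and pass it to `classify_authorize_request`.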