MarinaGurevich-9989 asked (later edited)

B2C Custom Policy error with client certificates

I am using B2C custom policies to federate to an external Azure AD identity provider. I was successful before when federating with client secrets, but I am now trying to switch to certificates and getting the error "No url encoding for asymmetric keys". Here is what I did as a proof of concept:

  • Generated a new self-signed certificate in Azure Key Vault

  • Exported it into the .pfx and .cer files.

  • In B2C, created a policy key and uploaded the .pfx certificate there

  • In the custom policy, referenced that policy key:

<Key Id="client_secret" StorageReferenceId="B2C_1A_MyB2CPolicy" />

  • In the Azure AD app registration, under Certificates and Secrets, uploaded the .cer file (with the public key)

  • Tried to connect using MSAL.js

  • Received a "server error" with a correlation ID, which in Application Insights shows up as:

    "Key": "SendErrorTechnicalProfile",
    "Value": "OpenIdConnectProtocolProvider",
    "Key": "Exception",
    "Value": {
        "Kind": "Handled",
        "HResult": "80131500",
        "Message": "An invalid OAuth response was received: \"{0}\".",
        "Data": {
            "IsPolicySpecificError": false,
            "Exception": {
                "Kind": "Handled",
                "HResult": "80131515",
                "Message": "No url encoding for asymmetric keys",
                "Data": {}
            }
        }
    }

What am I doing wrong?

Also, is there any documentation on how to do it?


0 Answers
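Added example (not part of the original question or any answer): the two wire forms a confidential client can use to authenticate to the Azure AD token endpoint. A client secret is a symmetric value that is simply form-URL-encoded into the request body; a certificate credential is instead presented as an RS256-signed JWT client assertion (`client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer`) whose `x5t` header carries the SHA-1 thumbprint of the uploaded .cer so the IdP can pick the matching public key. The tenant ID, client ID, scope and secret are placeholders, and the self-signed certificate is generated in-process to stand in for the Key Vault one; nothing here talks to Azure.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// Placeholders for the example; not real identifiers.
const (
	tenantID = "00000000-0000-0000-0000-000000000000"
	clientID = "11111111-1111-1111-1111-111111111111"
	scope    = "https://graph.microsoft.com/.default"
)

func tokenEndpoint() string {
	return "https://login.microsoftonline.com/" + tenantID + "/oauth2/v2.0/token"
}

// clientSecretBody is the shared-secret form: the secret is a symmetric
// string, so it can be URL-encoded straight into the form body.
func clientSecretBody(secret string) string {
	v := url.Values{}
	v.Set("grant_type", "client_credentials")
	v.Set("client_id", clientID)
	v.Set("scope", scope)
	v.Set("client_secret", secret)
	return v.Encode()
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// selfSignedCert stands in for the Key Vault certificate: an RSA key (the
// .pfx side) and a self-signed certificate (the .cer side).
func selfSignedCert() (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "b2c-federation-poc"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// clientAssertion is the certificate form: a JWT signed with the private key.
// "x5t" is the base64url SHA-1 thumbprint of the certificate DER, which is how
// the IdP matches the assertion to the uploaded public certificate.
func clientAssertion(key *rsa.PrivateKey, cert *x509.Certificate, now time.Time) (string, error) {
	thumb := sha1.Sum(cert.Raw)
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "x5t": b64url(thumb[:])})
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]interface{}{
		"aud": tokenEndpoint(), "iss": clientID, "sub": clientID, "jti": b64url(nonce),
		"nbf": now.Unix(), "exp": now.Add(10 * time.Minute).Unix(),
	})
	signingInput := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// clientAssertionBody carries the signed JWT instead of a client_secret.
func clientAssertionBody(assertion string) string {
	v := url.Values{}
	v.Set("grant_type", "client_credentials")
	v.Set("client_id", clientID)
	v.Set("scope", scope)
	v.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
	v.Set("client_assertion", assertion)
	return v.Encode()
}

// verifyAssertion does what the IdP does once x5t selects the certificate:
// checks the RS256 signature over header.payload with the public key.
func verifyAssertion(jwt string, cert *x509.Certificate) error {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed JWT: %d segments", len(parts))
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	key, cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	fmt.Println("client_secret form:   ", clientSecretBody("<placeholder secret>"))
	assertion, err := clientAssertion(key, cert, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("certificate form:     ", clientAssertionBody(assertion))
	fmt.Println("assertion verifies against the .cer:", verifyAssertion(assertion, cert) == nil)
}
```

The point of showing both bodies side by side is that a certificate never appears as a URL-encoded parameter at all: only the signature it produces does, inside `client_assertion`.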