Comments (5)
Share a copy of the id_token_hint here, and also share your id token hint technical profile. Do not censor it.
from samples.
https://homingpigeon.b2clogin.com/homingpigeon.onmicrosoft.com/B2C_1A_signup_invitation/oauth2/v2.0/authorize?client_id=20590fb4-60f8-4c6b-bbd3-8bc79a375f1a&nonce=abe9d6ab1d0c421fa88dc9e7682636b8&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjdGNjMzNDJBMTkzMDI2MjRFMkVFM0U2QzA2RTJBNUY4NkZGRTlERkIiLCJ4NXQiOiJmMk0wS2hrd0ppVGk3ajVzQnVLbC1HXy1uZnMiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoiV2VzdGVybiBNaWxsZXIiLCJlbWFpbCI6ImhvbWluZ3BpZ2VvbkBleGFtcGxlLmNvbSIsIm5iZiI6MTU4OTIyMTcwNiwiZXhwIjoxNTg5ODI2NTA2LCJpc3MiOiJodHRwczovL2hvbWluZ3BpZ2Vvbi5vbm1pY3Jvc29mdC5jb20vIiwiYXVkIjoiMjA1OTBmYjQtNjBmOC00YzZiLWJiZDMtOGJjNzlhMzc1ZjFhIn0.DX8wtmCnJwpn2vW_uXdHOkHH6v60b5m-I92cDqH502bygQlSMyDBuZofno6KUugivIH2zDhH1T4CU9LTs7I1acj0i-vl3WFTooSOdJRT07PsH80hxISJdp5wJp2F38sxeX2oh-dOcupun9hJi0vjYMy5p5TB1Yqw3R2W809dnhhcx0EgaODpGsJBsSQtzm56MajOX0oyXs3Ol4RRxv28ylxwWY9cYDBB9Lxr-EQut6cJ13vtS2r2I9l6Cy0WEVGksJF545DusBWFBl7uDs0x7QGf525ULX_JPbXM_vqY7LBeppij1DiTMwxQ6D70lya4SOzvHqpebSZyE7bNoyU1CQ
<ClaimsProvider>
  <DisplayName>My ID Token Hint ClaimsProvider</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="IdTokenHint_ExtractClaims">
      <DisplayName>My ID Token Hint TechnicalProfile</DisplayName>
      <Protocol Name="None" />
      <Metadata>
        <!-- Sample action required: replace with your endpoint location -->
        <Item Key="METADATA">https://homingpigeon.b2clogin.com/homingpigeon.onmicrosoft.com/B2C_1A_signup_invitation/v2.0/.well-known/openid-configuration</Item>
        <!-- <Item Key="IdTokenAudience">your_optional_audience_override</Item> -->
        <!-- <Item Key="issuer">your_optional_audience_override</Item> -->
      </Metadata>
      <OutputClaims>
        <!-- Sample: Read the email claim from the id_token_hint -->
        <OutputClaim ClaimTypeReferenceId="email" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
@JasSuri Looks like I figured it out thanks to your prompt - however, I'm still having issues with the issuer. I'm issuing from an Azure function and using the .well-known/openid-configuration URL which is displayed within the endpoint section of the Azure B2C GUI. What would the issuer need to be in this case given the above?
Since the issuer in your token is https://homingpigeon.onmicrosoft.com/ and the issuer in the OIDC config is https://homingpigeon.b2clogin.com/1fb401b8-db27-4874-88a0-d3d3525f568c/v2.0/, it's going to fail.
Either change the issuer in the token by looking at the code, or override this key in the B2C policy:
<Item Key="IdTokenAudience">https://homingpigeon.onmicrosoft.com/</Item>
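Added example, not part of the original thread or the samples repository: a small diagnostic that pulls the id_token_hint out of an authorize URL and compares its iss claim with the issuer from the OIDC metadata, which is the mismatch described in the reply above. The function names are hypothetical, the metadata dict stands in for the fetched .well-known/openid-configuration document, and the sample token is constructed and unsigned; the two issuer strings are the ones quoted in the thread.

```python
import base64
import json
from typing import Optional
from urllib.parse import parse_qs, urlparse


def _b64url(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def claims_from_authorize_url(url: str) -> dict:
    """Decode the id_token_hint payload. Diagnostic only: no signature check."""
    hints = parse_qs(urlparse(url).query).get("id_token_hint", [])
    if len(hints) != 1:
        raise ValueError("expected exactly one id_token_hint parameter")
    parts = hints[0].split(".")
    if len(parts) != 3:
        raise ValueError("id_token_hint is not a three-part compact JWT")
    return json.loads(_b64url(parts[1]))


def issuer_mismatch(claims: dict, metadata: dict) -> Optional[str]:
    """Return None when iss equals the metadata issuer, else an explanation."""
    token_iss, expected = claims.get("iss"), metadata.get("issuer")
    if token_iss is None:
        return "token has no iss claim"
    if token_iss == expected:
        return None
    if expected and token_iss.rstrip("/").lower() == expected.rstrip("/").lower():
        return f"near miss (slash or case): {token_iss!r} vs {expected!r}"
    return f"token iss {token_iss!r} != metadata issuer {expected!r}"


def make_sample_url(iss: str) -> str:
    # Constructed sample: unsigned token with a placeholder signature segment.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "RS256"}), enc({"iss": iss}), "c2ln"])
    return "https://tenant.example/authorize?scope=openid&id_token_hint=" + token


# Issuer values as quoted in the thread; METADATA stands in for the fetched
# .well-known/openid-configuration document.
METADATA = {"issuer": "https://homingpigeon.b2clogin.com/1fb401b8-db27-4874-88a0-d3d3525f568c/v2.0/"}
TOKEN_ISS = "https://homingpigeon.onmicrosoft.com/"

if __name__ == "__main__":
    print(issuer_mismatch(claims_from_authorize_url(make_sample_url(TOKEN_ISS)), METADATA))
```

The comparison is an exact string match, so a missing trailing slash is reported separately from a completely different issuer.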
@JasSuri Thanks that did it! :)