Azure AD B2C Microsoft Account redirect_uri failure


I'm unable to get Microsoft Account authentication to work on an ASP.NET Core 2.1 website (I have Google authentication working).

When I click on the Microsoft Account button from the social sign in page, I eventually land on a "technical problems" error page. My web browser is Google Chrome, under Windows 10, latest updates.

In an attempt to diagnose what's going on, I installed LinkResearchTools Link Redirect Trace to try and follow the redirects that ultimately landed me on that error page. I'm not sure that's the best way to debug/trace what's happening, but it's all I could think of.

Clicking the Sign In link in the header of the website, the first redirect is:

https://ridemonitor.b2clogin.com/ridemonitor.onmicrosoft.com/b2c_1_signupin/oauth2/v2.0/authorize?client_id=035ba5c4-d1a6-41c4-9425-0985bb4aa5de&redirect_uri=https%3A%2F%2Flocalhost%3A44305%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636729887963798999.OTllOWQ4MDEtZDc0YS00MjUxLWE4ZDAtODAwMThmYzllNmVkNjUxNWU0OTktYmMzNS00MmQwLWFiYmUtNjgwMDJhNzFjOWIy&state=CfDJ8DUZTACb0dBAqZ5KhCEik9SlgAhmUgNWHdhe3rNb-d3M1xYGQlIDMzSq5UyB1P-3d3jziI06Mj94rQcnyGpiykGdDqvy588DrhR-wi0bj2SLVyRoyTclszwbBdXKgXfukRJ0Soif1eJzWBUbZU6_osWgzmh8hgvlGIUON62n3MidLRTgJ4Ca0VN_VJe_9vpfWF6TGUBOAuODlXTZAEEDbopqSuzKXweE0nUR-jv-aAj7v3vgV0NHC6rJKvHVaRyw7oYkD1-my6-AOWq1-U5ttokJfCjMKMYDD8dr_UM3jg_P&x-client-SKU=ID_NETSTANDARD1_4&x-client-ver=5.2.0.0

That takes me to a "social signin" page, where I can choose either Google (which works) or MicrosoftAccount (which doesn't).

The next redirect is:

https://login.live.com/oauth20_authorize.srf?client_id=704398a8-908a-4512-9cc0-4453014b4714&redirect_uri=https%3a%2f%2fridemonitor.b2clogin.com%2fridemonitor.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+profile+email&response_mode=form_post&nonce=OVJptuLcHfkYUCTk36vO6g%3d%3d&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTU1MDdhMzYtMmJjYy00Y2Y4LWFlNGEtNmVjY2VkNjU0MWZkIiwiVElEIjoiNDkwNTEwYTctNDAwYy00MjI3LThlODMtNmRhOTUxZTQyMmI1In0

which then redirects me to:

https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTU1MDdhMzYtMmJjYy00Y2Y4LWFlNGEtNmVjY2VkNjU0MWZkIiwiVElEIjoiNDkwNTEwYTctNDAwYy00MjI3LThlODMtNmRhOTUxZTQyMmI1In0

which displays the error page.

Note that, buried in the final link, is an error description field (which for some reason doesn't get displayed on the error page). If I'm interpreting it correctly, it's saying I have a mismatch with the redirect_uri set in either the Azure portal, my website app, or both.

Yet I think the redirects are set consistently:

So I'm obviously missing something somewhere. Thoughts?


BEST ANSWER

As described by the "Set up sign-up and sign-in with a Microsoft account using Azure Active Directory B2C" article, you must register the following redirect URL with the Microsoft identity provider:

https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

It is this redirect URL that is sent from Azure AD B2C to the Microsoft identity provider to return to Azure AD B2C after the Microsoft sign-in.
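The redirect chain in the question and the URL the answer says to register can be checked mechanically: pull the redirect_uri that B2C sent to login.live.com, compare it with the required authresp URL for the tenant, and decode the error that login.live.com returned in the URL fragment. This is an added Python example, not code from the question, the answer or Microsoft; the chain is a constructed sample modelled on the question's URLs with client_id and state replaced by placeholders, and the tenant name ridemonitor is taken from the question.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample chain modelled on the redirects in the question; the
# client_id and the long state/nonce values are replaced by placeholders.
REDIRECT_CHAIN = [
    "https://login.live.com/oauth20_authorize.srf?client_id=PLACEHOLDER-CLIENT-ID"
    "&redirect_uri=https%3a%2f%2fridemonitor.b2clogin.com%2fridemonitor.onmicrosoft.com"
    "%2foauth2%2fauthresp&response_type=code&scope=openid+profile+email"
    "&response_mode=form_post&state=PLACEHOLDER-STATE",
    "https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description="
    "The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid."
    "&state=PLACEHOLDER-STATE",
]

def expected_authresp(tenant):
    """Redirect URL B2C sends to the Microsoft IdP; this exact string must be
    registered on the Microsoft application (see the accepted answer)."""
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp"

def outbound_redirect_uri(authorize_url):
    """redirect_uri the authorize request asks the IdP to post the code back to.
    parse_qs percent-decodes, so '%3a%2f%2f' becomes '://'."""
    return parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [None])[0]

def error_from_fragment(url):
    """login.live.com puts error and error_description in the URL fragment. The
    fragment is never sent to a server, so only the browser (or a redirect
    tracer) can see it; server-side logs will not contain it."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).fragment).items()}

def diagnose(chain, tenant):
    """Walk the chain: compare the redirect_uri sent to the Microsoft IdP with the
    value B2C requires, and surface any error the IdP returned."""
    report = {"redirect_uri_sent": None, "redirect_uri_ok": None, "error": None}
    for url in chain:
        parts = urlsplit(url)
        if parts.netloc == "login.live.com" and parts.path == "/oauth20_authorize.srf":
            sent = outbound_redirect_uri(url)
            report["redirect_uri_sent"] = sent
            # OAuth redirect URIs are matched as exact strings (RFC 6749 3.1.2.3).
            report["redirect_uri_ok"] = sent == expected_authresp(tenant)
        elif parts.netloc == "login.live.com" and parts.path == "/err.srf":
            report["error"] = error_from_fragment(url)
    return report

if __name__ == "__main__":
    # redirect_uri_ok True means B2C sent the right URL, so the fix is on the Microsoft app registration.
    for key, value in diagnose(REDIRECT_CHAIN, "ridemonitor").items():
        print(f"{key}: {value}")
```

For the chain in the question the sent URI already matches the required form, which points at the Microsoft application registration rather than at B2C or the website as the place where the registered value differs.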

ANSWER

I found that if you were using the link in the following format and using the .NET Core template:

https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

Then it was also necessary to update appsettings.json as follows:

"AzureAdB2C": { "Instance": "https://your-tenant-name.b2clogin.com/tfp/",