I am using Symfony 3.4 and knpuniversity/oauth2-client-bundle (v1.34.0) with the client library thenetworg/oauth2-azure (v1.4.2) to connect to an Azure AD B2C App.
When I initiate an authorization request, the generated URL has this form: https://blablabla.onmicrosoft.com/oauth2/v2.0/authorize, followed by several parameters, one of them being the policy: p=b2c_1_signupin/{tenant_name}/oauth2/authorize
When I compare this generated URL with the URL given by our client, I can see that this p parameter for the policy isn't correct; it should be: p=b2c_1_signupin
How can I set the correct parameter for the policy?
After a lot of trial and error, my current config in config.yml is:
knpu_oauth2_client:
    clients:
        azure:
            type: azure
            client_id: '%OAUTH_AZURE_CLIENT_ID%'
            client_secret: '%OAUTH_AZURE_CLIENT_SECRET%'
            redirect_route: connect_azure_check
            redirect_params: { }
            url_login: 'https://{tenant}.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_signupin/'
            tenant: '%OAUTH_AZURE_TENANT_NAME%'
            url_api: 'https://{tenant}.onmicrosoft.com/v2.0/'
            api_version: '1.6'
The resulting policy parameter actually appends the tenant_name and the path_authorize ('oauth2/authorize') after the policy name:
p=b2c_1_signupin/{tenant_name}/{path_authorize}
With this parameter, I get the error message: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
To work, the policy parameter should however be only
p={policy_name}, i.e. p=b2c_1_signupin, without the appended {tenant_name} and {path_authorize}.
How can I achieve this?
https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect#send-authentication-requests
You don't need to use query parameters for the policy ID. It's supported as part of the authority:
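Added example (not from the question or the answer above): a knpu_oauth2_client config that moves the policy into the authority path instead of the p= query string. It assumes, as the generated URL in the question shows, that the provider builds its authorization endpoint as url_login + tenant + path_authorize, and that path_authorize and path_token are accepted by the bundle's azure configurator (check the bundle README for your version); the host form follows the linked Microsoft page.

```yaml
knpu_oauth2_client:
    clients:
        azure:
            type: azure
            client_id: '%OAUTH_AZURE_CLIENT_ID%'
            client_secret: '%OAUTH_AZURE_CLIENT_SECRET%'
            redirect_route: connect_azure_check
            redirect_params: { }
            # The provider concatenates url_login + tenant + path_authorize,
            # so the policy name belongs in "tenant" and url_login must not
            # carry a query string. Resulting authorize URL:
            #   https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/b2c_1_signupin/oauth2/v2.0/authorize
            url_login: 'https://%OAUTH_AZURE_TENANT_NAME%.b2clogin.com/'
            tenant: '%OAUTH_AZURE_TENANT_NAME%.onmicrosoft.com/b2c_1_signupin'
            # Assumed options (see lead-in): B2C uses the v2.0 endpoints, and the
            # token endpoint must sit under the same policy path as authorize.
            path_authorize: '/oauth2/v2.0/authorize'
            path_token: '/oauth2/v2.0/token'
            # Unchanged from the question; B2C does not serve the Graph API
            # from this host, so only keep these if your code relies on them.
            url_api: 'https://%OAUTH_AZURE_TENANT_NAME%.onmicrosoft.com/v2.0/'
            api_version: '1.6'
```

When the callback returns, check that the id_token issuer names this tenant and policy before accepting the login, so a token minted by a different policy is rejected.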