Azure-Samples / active-directory-b2c-ios-swift-native-msal

An iOS sample in Swift that authenticates Azure AD B2C users and calls an API using OAuth 2.0
https://aka.ms/aadb2c
MIT License

Getting Error after hitting Authorize "Could not acquire token" #24

Closed Jitenderios closed 4 years ago

Jitenderios commented 4 years ago

Hi,

Xcode:- 11.3 iOS 13.2.3

I am getting an error when I hit the authorise button with my own created Azure tenant ID and application on the Azure portal. Here is the error:

https://ibotcontrols.b2clogin.com/ibotcontrols.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_0701&client_id=46555959-acc8-4e32-bc82-39645e482495 <MSALB2CAuthority: 0x281066a00> %@ TID=276726 MSAL 1.0.0 iOS 13.2.3 [2020-01-17 12:49:06] Requiring default broker type due to app being built with iOS 13 SDK %@ TID=276726 MSAL 1.0.0 iOS 13.2.3 [2020-01-17 12:49:06 - 1C17DF4D-844E-45DB-A867-74AC24D40570] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:( "https://ibotcontrols.onmicrosoft.com/46555959-acc8-4e32-bc82-39645e482495/demo.read" ) extraScopesToConsent:(null) account:Masked(null) loginHint:Masked(null) promptType:MSALPromptTypeSelectAccount extraQueryParameters:(null) authority:<MSALB2CAuthority: 0x281066a00> webviewType:MSALWebviewTypeDefault customWebview:No correlationId:(null) capabilities:(null) claimsRequest:(null)]

Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authority validation is not supported for this type of authority, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=1C17DF4D-844E-45DB-A867-74AC24D40570}

@oldalton @jennyf19

Please help.

Thanks, Jitender

jennyf19 commented 4 years ago

@Jitenderios have you seen the documentation? Also, I think you need /tfp/ in the authority url. Like this: https://ibotcontrols.b2clogin.com/tfp/ibotcontrols.onmicrosoft.com/B2C_1_0701

And make sure you're specifying it as a b2c authority in the code (the documentation linked above shows how to do that).

but @oldalton will know for sure.

Jitenderios commented 4 years ago

Hi @jennyf19, We have updated the authority url in the format you have suggested but still getting the same error.

Here is the log:-

https://ibotcontrols.b2clogin.com/tfp/ibotcontrols.onmicrosoft.com/B2C_1_0701 <MSALB2CAuthority: 0x282cf2fa0> %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38] Requiring default broker type due to app being built with iOS 13 SDK %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38 - 99DD0D79-0B02-41D5-8170-F95812FE0C43] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:( "https://ibotcontrols.onmicrosoft.com/46555959-acc8-4e32-bc82-39645e482495/demo.read" ) extraScopesToConsent:(null) account:Masked(null) loginHint:Masked(null) promptType:MSALPromptTypeSelectAccount extraQueryParameters:(null) authority:<MSALB2CAuthority: 0x282cf2fa0> webviewType:MSALWebviewTypeDefault customWebview:No correlationId:(null) capabilities:(null) claimsRequest:(null)] %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38 - 99DD0D79-0B02-41D5-8170-F95812FE0C43] [MSAL] Beginning interactive flow. %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38 - 99DD0D79-0B02-41D5-8170-F95812FE0C43] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null) %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38 - 99DD0D79-0B02-41D5-8170-F95812FE0C43] [MSAL] Resolved authority, validated: NO, error: -51114 %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38 - 99DD0D79-0B02-41D5-8170-F95812FE0C43] [MSAL] Interactive flow finished result (null), error: -51114 error domain: MSIDErrorDomain %@ TID=988592 MSAL 1.0.0 iOS 13.2.3 [2020-01-20 07:54:38 - 99DD0D79-0B02-41D5-8170-F95812FE0C43] [MSAL] acquireToken returning with error: (MSALErrorDomain, -50000) Masked(not-null) Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authority validation is not supported for this type of authority, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=99DD0D79-0B02-41D5-8170-F95812FE0C43} @oldalton

Thanks, Jitender

jennyf19 commented 4 years ago

@Jitenderios are you setting the known authority?

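// b2cAuthority: the MSALB2CAuthority object built from the /tfp/ authority URL
let b2cApplicationConfig = MSALPublicClientApplicationConfig(clientId: "your-client-id", redirectUri: "your-redirect-uri", authority: b2cAuthority)
// Register the B2C authority as a known (trusted) authority
b2cApplicationConfig.knownAuthorities = [b2cAuthority]

oldalton commented 4 years ago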

Please also see this document for additional information and steps needed. Thanks!

jennyf19 commented 4 years ago

@Jitenderios the sample has been updated...want to try again?

Jitenderios commented 4 years ago

Hi @jennyf19 @oldalton

Thanks for the quick reply.

I have cloned the updated sample and run the code with the existing credentials, and it worked fine. But when I replaced them with my credentials, it showed an error when I tapped on the authorise button. Can I share my sample project with you to verify whether the credentials I am passing are all correct?

Here is the printed log when I ran the code with my credentials. The error this time is different from what I was getting earlier.

https://ibotcontrols.b2clogin.com/ibotcontrols.onmicrosoft.com/b2c_1_0701/oauth2/v2.0/authorize?p=B2C_1_0701&client_id=46555959-acc8-4e32-bc82-39645e482495&nonce=defaultNonce&redirect_uri=msauth.com.microsoft.identity.client.sample.MSALiOSB2C://auth&scope=openid&response_type=id_token&prompt=login %@ TID=1107432 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:30] Requiring default broker type due to app being built with iOS 13 SDK %@ TID=1107432 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:30 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:( "https://ibotcontrols.onmicrosoft.com/46555959-acc8-4e32-bc82-39645e482495/demo.read" ) extraScopesToConsent:(null) account:Masked(null) loginHint:Masked(null) promptType:MSALPromptTypeSelectAccount extraQueryParameters:(null) authority:<MSALB2CAuthority: 0x280889ce0> webviewType:MSALWebviewTypeDefault customWebview:No correlationId:(null) capabilities:(null) claimsRequest:(null)] %@ TID=1107432 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:30 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] Beginning interactive flow. %@ TID=1107432 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:30 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null) %@ TID=1107432 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:30 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] Resolved authority, validated: NO, error: 0 %@ TID=1107432 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:30 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] No cached preferred_network for authority %@ TID=1107622 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:31 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] Http error raised. 
Http Code: 404 Description Masked(not-null) %@ TID=1107622 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:31 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] Interactive flow finished result (null), error: -51500 error domain: MSIDHttpErrorCodeDomain %@ TID=1107622 MSAL 1.0.0 iOS 13.2.3 [2020-01-21 05:56:31 - 24FC61FF-8B0A-4432-973A-8BCD78E23240] [MSAL] acquireToken returning with error: (MSALErrorDomain, -50000) Masked(not-null) Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=not found, MSALHTTPResponseCodeKey=404, MSALCorrelationIDKey=24FC61FF-8B0A-4432-973A-8BCD78E23240, MSALInternalErrorCodeKey=-42007, MSALHTTPHeadersKey=<CFBasicHash 0x281d08540 [0x1ef2a35e0]>{type = immutable dict, count = 9, entries => 0 : X-Content-Type-Options = nosniff 1 : Content-Type = text/html 3 : Strict-Transport-Security = <CFString 0x281d07580 [0x1ef2a35e0]>{contents = "max-age=31536000; includeSubDomains"} 6 : Date = <CFString 0x2806fe4c0 [0x1ef2a35e0]>{contents = "Tue, 21 Jan 2020 05:56:30 GMT"} 7 : x-ms-gateway-requestid = <CFString 0x281d074c0 [0x1ef2a35e0]>{contents = "015abcb6-3d4b-4d8f-b92d-784a65325d2b"} 8 : X-Frame-Options = DENY 9 : X-XSS-Protection = <CFString 0x2808b3e80 [0x1ef2a35e0]>{contents = "1; mode=block"} 10 : Content-Length = 1245 11 : Cache-Control = private } }

jennyf19 commented 4 years ago

@Jitenderios thanks for the update. by "your credentials" do you mean our own app settings? Can you share the value you're using for the b2c authority? and if you want, you can share a zip file w/the repro. feel free to email me: jeferrie@microsoft.com

jennyf19 commented 4 years ago

You don't need to pass in the actual endpoint, as MSAL obj-c lib will create the correct endpoints for you based on the b2c authority passed in and using the metadata returned from AAD B2C, found at .../v2.0/.well-known/openid-configuration

let kEndpoint = "https://ibotcontrols.b2clogin.com/ibotcontrols.onmicrosoft.com/b2c_1_0701/oauth2/v2.0/authorize?p=B2C_1_0701&client_id=46555959-acc8-4e32-bc82-39645e482495&nonce=defaultNonce&redirect_uri=msauth.com.microsoft.identity.client.sample.MSALiOSB2C://auth&scope=openid&response_type=id_token&prompt=login"

Should be:

https://ibotcontrols.b2clogin.com/tfp/ibotcontrols.onmicrosoft.com/b2c_1_0701

Also, uncomment this section:

let kEndpoint = "https://%@/tfp/%@/%@"

and add this back in getAuthority:

guard let authorityURL = URL(string: String(format: self.kEndpoint, self.kAuthorityHostName, self.kTenantName, policy))

You can put a breakpoint on line 388 and see what the authorityURL is.
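
A pre-flight check for the authority string discussed in this thread, as an added example (not code from the sample or from MSAL): using only Foundation, it rejects a full authorize endpoint passed where the /tfp/ authority belongs and derives the metadata URL mentioned above. The names `checkB2CAuthority`, `AuthorityConfigError` and `expectedHost` are hypothetical, and the second candidate string is constructed from the one in the log with its query removed.

```swift
import Foundation

// Added example: reasons a configured string is rejected as a B2C authority.
enum AuthorityConfigError: Error, Equatable {
    case malformed, notHTTPS, unexpectedHost(String), hasQueryOrFragment
    case notTfpPath([String])
}

/// Checks a configured authority string and returns the authority URL together
/// with the OpenID metadata URL (<authority>/v2.0/.well-known/openid-configuration).
/// `expectedHost` is an assumption: the one B2C host this app is meant to trust.
func checkB2CAuthority(_ raw: String, expectedHost: String) throws -> (authority: URL, metadata: URL) {
    guard let parts = URLComponents(string: raw), let url = parts.url else {
        throw AuthorityConfigError.malformed
    }
    guard parts.scheme?.lowercased() == "https" else { throw AuthorityConfigError.notHTTPS }
    let host = (parts.host ?? "").lowercased()
    guard host == expectedHost.lowercased() else { throw AuthorityConfigError.unexpectedHost(host) }
    // A full endpoint (.../authorize?p=...&client_id=...) carries a query; an authority never does.
    guard parts.query == nil, parts.fragment == nil else {
        throw AuthorityConfigError.hasQueryOrFragment
    }
    // Expected path shape: /tfp/<tenant>/<policy>
    let segments = parts.path.split(separator: "/").map(String.init)
    guard segments.count == 3, segments[0].lowercased() == "tfp" else {
        throw AuthorityConfigError.notTfpPath(segments)
    }
    let metadata = url.appendingPathComponent("v2.0")
        .appendingPathComponent(".well-known")
        .appendingPathComponent("openid-configuration")
    return (url, metadata)
}

// Strings from the logs in this thread; the second is constructed (query stripped).
let candidates = [
    "https://ibotcontrols.b2clogin.com/ibotcontrols.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_0701&client_id=46555959-acc8-4e32-bc82-39645e482495",
    "https://ibotcontrols.b2clogin.com/ibotcontrols.onmicrosoft.com/b2c_1_0701/oauth2/v2.0/authorize",
    "https://ibotcontrols.b2clogin.com/tfp/ibotcontrols.onmicrosoft.com/b2c_1_0701",
]
for raw in candidates {
    do {
        let ok = try checkB2CAuthority(raw, expectedHost: "ibotcontrols.b2clogin.com")
        print("OK   \(ok.authority.path) -> metadata \(ok.metadata.absoluteString)")
    } catch {
        print("FAIL \(error): \(raw)")
    }
}
```

Running the check at app start, before the URL is handed to `MSALB2CAuthority` and `knownAuthorities`, surfaces a misconfigured authority as a local error instead of the 404 seen in the log.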

Jitenderios commented 4 years ago

Hi @jennyf19 ,

Thanks a lot for the detailed answer. I tried the above steps and now I am able to go forward in the app; the app now opened the webview with the login page. When I tried to log in with Google, and also while creating a new user, it got an error there. It says MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008.

--->Here is the error log:-

Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=E09EF7F0-E208-4045-868C-26CE7A627ED7}

---> Here is the complete log:-

https://ibotcontrols.b2clogin.com/tfp/ibotcontrols.onmicrosoft.com/B2C_1_0701 %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:35:30] Requiring default broker type due to app being built with iOS 13 SDK %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:35:30 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:( "https://ibotcontrols.onmicrosoft.com/46555959-acc8-4e32-bc82-39645e482495/demo.read" ) extraScopesToConsent:(null) account:Masked(null) loginHint:Masked(null) promptType:MSALPromptTypeSelectAccount extraQueryParameters:(null) authority:<MSALB2CAuthority: 0x283e55b00> webviewType:MSALWebviewTypeDefault customWebview:No correlationId:(null) capabilities:(null) claimsRequest:(null)] %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:35:30 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] Beginning interactive flow. %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:35:30 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null) %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:35:30 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] Resolved authority, validated: NO, error: 0 %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:35:30] Start background app task with type 0 %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:38:38] Stop background task with type 0 %@ TID=1222781 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:38:38 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] No cached preferred_network for authority %@ TID=1226010 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:38:42] Failed to initialize issuer authority with error MSIDErrorDomain, -51112 %@ TID=1226010 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:38:42 - E09EF7F0-E208-4045-868C-26CE7A627ED7] Unsuccessful token response, error MaskedError(MSIDErrorDomain, -51100) %@ TID=1226010 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:38:42 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] Interactive flow finished result (null), error: -51100 
error domain: MSIDErrorDomain Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=E09EF7F0-E208-4045-868C-26CE7A627ED7} %@ TID=1226010 MSAL 1.0.0 iOS 13.2.3 [2020-01-22 05:38:42 - E09EF7F0-E208-4045-868C-26CE7A627ED7] [MSAL] acquireToken returning with error: (MSALErrorDomain, -50000) Masked(not-null)

oldalton commented 4 years ago

@Jitenderios, is the "https://ibotcontrols.onmicrosoft.com/46555959-acc8-4e32-bc82-39645e482495/demo.read" valid scope? B2C will ignore scopes it doesn't recognize and skip returning an access token which would cause this error.

Jitenderios commented 4 years ago

Thanks @oldalton, the scope was not valid. After updating the scope, I am now able to get access token.

@jennyf19

Thanks, Jitender

jennyf19 commented 4 years ago

@Jitenderios can we close this issue and the other one now? glad you are unblocked. cc: @secorre92

Jitenderios commented 4 years ago

Hi Jenny,

Thanks for the support. Yes this issue has now been resolved. I am now able to get access token. Yes, you can close this issue now.

Thanks a lot for your help.

Great working with you.

Thanks & Regards,

Jitender Kumar Yadav

jennyf19 commented 4 years ago

closing as per @Jitenderios

hongfeiyang commented 4 years ago

updating

> Thanks @oldalton, the scope was not valid. After updating the scope, I am now able to get access token.
>
> @jennyf19
>
> Thanks, Jitender

Hi @jennyf19, I also ran into the same issue. May I know how you updated the scope to the correct settings?

Jins17994 commented 3 years ago

> @Jitenderios, is the "https://ibotcontrols.onmicrosoft.com/46555959-acc8-4e32-bc82-39645e482495/demo.read" valid scope? B2C will ignore scopes it doesn't recognize and skip returning an access token which would cause this error.

I have the same issue. How do you fix it? Could you please post the scope?