steve-cardenas
commented
1 year ago In the example described in aad-b2c-resource-server. In the section "Access the web api" in point 1, the token is obtained from Azure AD and not from b2c (https://github.com/Azure-Samples/azure-spring-boot-samples/tree/main/aad/spring-cloud-azure-starter-active-directory-b2c/aad-b2c-resource-server#access-the-web-api)
It should be as follows to use real B2C instead of AD.
curl -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=
But the problem is that then the issuer error comes out when the token is generated by the Azure B2C
Netyyyy
While working on an Angular App connected to Azure B2C, I received the next exception while using the aad-b2c-resource-server API.
However, the app functioned properly when I tried using the test curl with the client credentials.
THE EXCEPTION WWW-Authenticate: Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: The issuer: 'https://XXXXXX.b2clogin.com/e761f276-37f8-499d-aaec-47801cdea4d1/v2.0/' is not registered in trusted issuer repository, so cannot create JWSKeySelector.", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
I was reviewing the issuer generation process and noticed a difference.
When I used the client's credentials, the "iss" value was set to "https://login.microsoftonline.com/e761f276-37f8-499d-aaec-47801cdea4d1/v2.0". However, when I used my Angular app, the "iss" value changed to "https://ABC.b2clogin.com/e761f276-37f8-499d-aaec-47801cdea4d1/v2.0/".