Open steve-cardenas opened 1 year ago
In the example described in aad-b2c-resource-server, in the section "Access the web api", point 1, the token is obtained from Azure AD and not from B2C (https://github.com/Azure-Samples/azure-spring-boot-samples/tree/main/aad/spring-cloud-azure-starter-active-directory-b2c/aad-b2c-resource-server#access-the-web-api).
It should be as follows to use real B2C instead of AD.
curl -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=
But the problem is that the issuer error then comes out when the token is generated by Azure B2C.
While working on an Angular app connected to Azure B2C, I received the following exception while using the aad-b2c-resource-server API.
However, the app functioned properly when I tried using the test curl with the client credentials.
The exception:

WWW-Authenticate: Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: The issuer: 'https://XXXXXX.b2clogin.com/e761f276-37f8-499d-aaec-47801cdea4d1/v2.0/' is not registered in trusted issuer repository, so cannot create JWSKeySelector.", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
I was reviewing the issuer generation process and noticed a difference.
When I used the client's credentials, the "iss" value was set to "https://login.microsoftonline.com/e761f276-37f8-499d-aaec-47801cdea4d1/v2.0". However, when I used my Angular app, the "iss" value changed to "https://ABC.b2clogin.com/e761f276-37f8-499d-aaec-47801cdea4d1/v2.0/".
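
To see which authority issued a rejected token, the `iss` claim can be read from the token payload and compared with the issuers the resource server is expected to trust. The following is an added example, not part of the original issue or of the sample project; the tenant GUID, the `contoso` host, the helper names and the exact-match allowlist are constructed assumptions.

```python
import base64
import json

# Constructed placeholders: the tenant GUID and the B2C host are made up.
TENANT = "00000000-0000-0000-0000-000000000000"
AAD_ISS = f"https://login.microsoftonline.com/{TENANT}/v2.0"
B2C_ISS = f"https://contoso.b2clogin.com/{TENANT}/v2.0/"


def b64url(data):
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(iss):
    """Build an unsigned, constructed JWT-shaped string carrying only iss."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": iss}).encode())
    return f"{header}.{payload}."


def read_issuer(token):
    """Return the iss claim WITHOUT verifying the signature.

    Diagnostics only: an unverified claim must never drive authorization.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if "iss" not in claims:
        raise ValueError("token has no iss claim")
    return claims["iss"]


def diagnose(token, trusted):
    """Classify a token's issuer against an exact-match allowlist (assumed model)."""
    iss = read_issuer(token)
    if iss in trusted:
        return "trusted"
    # Same authority apart from the trailing slash: a string-level mismatch.
    if iss.rstrip("/") in {t.rstrip("/") for t in trusted}:
        return "trailing-slash mismatch"
    return "untrusted issuer"
```
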