AzureAD / microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
MIT License

OWIN Code does not read / use all settings #2387

Closed guillaumejay closed 1 year ago

guillaumejay commented 1 year ago

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

2.11.1

Web app

Sign-in users and call web APIs

Web API

Not Applicable

Token cache serialization

In-memory caches

Description

I'm trying to connect the test/devapps/asp.net MVC/OwinWebApp application to our Azure AD B2C and there are several issues in the AppBuilderExtension method in Microsoft.Identity.Web.Owin when creating the OpenIdConnectAuthenticationOptions required for UseOpenIdConnectAuthentication:

Reproduction steps

1. I think just trying to connect to an Azure AD B2C domain should show at least the reply URL problem.

Error message

No response

Id Web logs

No response

Relevant code snippets

This is the current problematic .NET Framework (classic) code: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.OWIN/AppBuilderExtension.cs#L125

    string authority = instance + tenantId + "/v2.0";

    OpenIdConnectAuthenticationOptions options = new()
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        Scope = "openid profile offline_access user.read",
        ResponseType = "code",

        Notifications = new OpenIdConnectAuthenticationNotifications()
        {

=> scope is constant
=> redirectUri is not set
=> authority is not valid with SignUpSignInPolicyId

About this last point, this is the current in Microsoft.Identity.Web/AuthorityHelpers.cs :
      if (options.IsB2C)
      {
          var userFlow = options.DefaultUserFlow;
          return new Uri(baseUri, new PathString($"{baseUri.PathAndQuery}{domain}/{userFlow}/v2.0")).ToString();
      }

      return new Uri(baseUri, new PathString($"{baseUri.PathAndQuery}{tenantId}/v2.0")).ToString();

Regression

No response

Expected behavior

I'd like to be able to see my OWIN configuration settings (replyurl, scope, and SignUpSignInPolicyId) used correctly.

By modifying this code locally I was able to make it work.

guillaumejay commented 1 year ago

The solution for this is to use the UpdateOptions parameter of AddMicrosoftIdentityWebApp.

Maybe the documentation could be clearer ?

Anyway thanks for adding this possibility, great job !
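The following OWIN startup is an added example, not the issue author's code and not source from the Microsoft.Identity.Web repository. It shows the approach the comment above names: passing an updateOptions callback to AddMicrosoftIdentityWebApp so that the three values the issue lists as ignored (scope, reply URL, and the B2C authority with the SignUpSignInPolicyId) come from configuration instead of the library defaults. Assumed, and to be checked against the package version you install: the overload shape (an OwinTokenAcquirerFactory followed by the updateOptions callback), the appSettings key names (ida:Instance and so on), and the two helpers written here (BuildB2CAuthority, which mirrors the IsB2C branch of AuthorityHelpers quoted in the issue, and RequiredSetting).

```csharp
// Startup.Auth.cs for an ASP.NET MVC (.NET Framework) app on Microsoft.Identity.Web.OWIN.
// Added example: not the issue author's code and not the library's own source.
// ASSUMED: the AddMicrosoftIdentityWebApp overload (factory, updateOptions), the
// appSettings key names, and the helpers BuildB2CAuthority / RequiredSetting.
using System;
using System.Configuration;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.OWIN;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace OwinWebApp
{
    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            OwinTokenAcquirerFactory factory =
                TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();

            // Settings the library defaults do not read (key names are this example's choice).
            string instance = RequiredSetting("ida:Instance");             // e.g. https://contoso.b2clogin.com/
            string domain = RequiredSetting("ida:Domain");                 // e.g. contoso.onmicrosoft.com
            string userFlow = RequiredSetting("ida:SignUpSignInPolicyId"); // e.g. B2C_1_susi
            string redirectUri = RequiredSetting("ida:RedirectUri");       // must be registered on the app
            string scopes = RequiredSetting("ida:Scopes");                 // space-separated

            app.AddMicrosoftIdentityWebApp(factory, updateOptions: options =>
            {
                // The default authority ({instance}{tenantId}/v2.0) has no user flow, so the
                // middleware would load metadata for the plain tenant. B2C needs the policy in it.
                options.Authority = BuildB2CAuthority(instance, domain, userFlow);

                // Reply URL must match an app registration entry exactly (scheme, host, path).
                options.RedirectUri = redirectUri;

                // Replaces the constant "openid profile offline_access user.read": B2C does not
                // expose the Graph user.read scope, so request your own API scopes instead.
                options.Scope = scopes;

                // Stay on the authorization code flow; never accept tokens via the front channel.
                options.ResponseType = "code";
            });

            factory.Build();
        }

        // Same shape as the IsB2C branch of AuthorityHelpers: {instance}{domain}/{userFlow}/v2.0.
        // Keeping any path segment of the instance (e.g. a /tfp/ prefix) by using it as the base URI.
        internal static string BuildB2CAuthority(string instance, string domain, string userFlow)
        {
            var baseUri = new Uri(instance.TrimEnd('/') + "/");
            if (baseUri.Scheme != Uri.UriSchemeHttps)
            {
                throw new ArgumentException("B2C instance must be an https URL", nameof(instance));
            }
            return new Uri(baseUri, $"{domain}/{userFlow}/v2.0").ToString();
        }

        // Fail at startup rather than at first sign-in when a required setting is absent.
        private static string RequiredSetting(string key)
        {
            string value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new ConfigurationErrorsException($"appSettings key '{key}' is missing");
            }
            return value;
        }
    }
}
```

With instance `https://contoso.b2clogin.com/`, domain `contoso.onmicrosoft.com` and user flow `B2C_1_susi`, BuildB2CAuthority yields `https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_susi/v2.0`, which is where the OWIN middleware then appends `/.well-known/openid-configuration`. Fail-closed checks (https only, missing keys rejected at startup) are there so a misconfigured reply URL or policy surfaces before any user is redirected.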

jmprieur commented 1 year ago

Thanks @guillaumejay. Would you like to provide a link to an example where you made it work?